Help:ACL

From QED

ACL stands for "Access Control List".

On QED, ACLs are currently used for both:

• QED:Folder-Based Access Restrictions
• QED:Category-Based Access Restrictions

ACL Page Names

The following table indicates the names of the ACL pages governing different types of access privileges to pages with names containing a "/".

Please note that:

• the ACL pages for a folder named FOLDER have names of the form "FOLDER/PRIVILEGE:";
• the ACL page named "FOLDER/PRIVILEGE:" does not affect access to the page FOLDER itself.

Efficacy

An ACL page is only effective if it is protected, which requires administrative permissions. If you would like to have an ACL page protected, please send mail to qed@princeton.edu.

For information about how to prevent the search engine from displaying search snippets of pages to which read-access has been restricted using ACLs, see Help:Snippets.

Format

The userids appearing in the lists of privileged users must be capitalized exactly as they appear on the Special:Listusers page. In most cases, this simply means writing Userid rather than userid. Spaces must be replaced by underscores, e.g. Qed_userid. White space (space, tabs, newlines) may be used freely between userids.

On an ACL page, all characters after the first left square bracket or equals sign are ignored.

Logic

• "can edit" implies "can read"

i.e. every userid on a protected FOLDER/edit: page is implicitly on the FOLDER/read: page.

• "can protect" implies "can edit"

i.e. every userid on a protected FOLDER/protect: page is implicitly on both the FOLDER/edit: and FOLDER/read: pages.

In general, if an id is on the edit: page of a folder, there is no need to add it to the read: page.

Restricting to Princeton netids

To grant access to all Princeton netids, add @princeton.edu to the access control list. This can be used to exclude "guests".

See also

• Help:Folder administration
• Help:Restrictions
• Help:Editing_permissions