QED:Policies
From QED
For details about the terms and conditions governing use of the Princeton QED website, please see Terms of Use.
The QED service is intended for academic use.
Policies regarding access are described below.
Contents |
Access
The basic policies governing access are as follows:
- anyone with a Princeton University LDAP login can login to QED;
- anyone except possibly for anonymous users can view pages in the root folder of the main namespace;
- any page can be made inaccessible to anonymous users (see Restricted:Princeton);
- anonymous users cannot upload files or create or modify any pages;
- anonymous users cannot read pages in the Princeton:, Course:, or Project: namespaces;
- write-access to User: pages is restricted to the user and QED administrators;
- if someone has logged in to QED and has read-access to a page, that person will also have write-access to the corresponding discussion page unless it has been protected;
- In particular, if someone who has logged in can read pages in your User: namespace, that person generally has write-access to your User talk: pages.
- any page can be write-protected from everyone except those with administrative privileges;
- there is a way to define folder-based access restrictions;
- there is a way to define category-based access restrictions;
Guest accounts are available for academic or research purposes.
If you wish to create a web space in which read and/or write access is restricted to a specific set of individuals, then the best approach is generally to use folder-based access. Courses and projects should generally use this method, which is used for example, by the Mapping Globalization project. Folder-based access can be established independently in the main namespace, as well as in the Course: and Project: namespaces. If you wish to create a web space with folder-based access, please send mail to qed@princeton.edu.
Namespace Restrictions
The following table summarizes namespace-level access restrictions. Please note that:
- Access restrictions are additive — the most restrictive rule applies.
- Folder-based access is generally the preferred method for defining additional restrictions in the various namespaces.
- Guests are denied access to pages in the Princeton:, Course: and Project: namespaces except for pages in folders to which they have specifically been granted access.
- Anyone who can protect a page can also edit and unprotect it.
| Namespace | read access | write access | ability to protect and unprotect |
| User: | all | the user | administrators |
| Princeton: | Princeton users and authorized guests | Princeton users and authorized guests | administrators |
| Course: | courseRead privilege (*) | courseWrite privilege (*) | courseProtect privilege |
| Project: | projectRead privilege (*) | projectWrite privilege (*) | projectProtect privilege |
(*) Currently, all Princeton users have these privileges, and guests may be given authorization to access specific folders. Access to pages in the Course: and Project: namespaces is typically restricted by folder-based ACLs (access control lists).
