| 1 | = User access model = |
| 2 | |
| 3 | There are two kinds of users, those who have logged onto the project as a named user |
| 4 | and those who have not. While not logged on the user is an anonymous user. |
| 5 | |
| 6 | You also need to know that there are two components to a project - a trac envrionment |
| 7 | (wiki and ticketing system) and an svn repository. The two have distinct access |
| 8 | control mechanisms, which we try to keep in sync with each other. |
| 9 | |
| 10 | There are three kinds of access levels that a user account (or the anonymous user) |
| 11 | may have: |
| 12 | |
| 13 | 1. User access. This is a different name for read access, but "read access" does not |
| 14 | quite hit the spot as this includes the permission to create and comment on tickets. |
| 15 | This includes read access to the svn repository. |
| 16 | 1. Developer access. This is a different name for read/write access. The permissions |
| 17 | are a superset of user access. This includes read/write access to the svn repository. |
| 18 | 1. Admin access, or TRAC_ADMIN permission. This gives full access to the trac environment, |
| 19 | but no access at all to the svn repository (other than browsing it through the wiki). |
| 20 | |
| 21 | To make these access levels real, the permission groups "user" and "developer" have been |
| 22 | defined. There is also an hourly job on the system that translates this information into |
| 23 | svn repository access permissions. This is done in case that an admin has changed access |
| 24 | to the trac environment. There is no permission group "admin", as this has no effect on |
| 25 | the svn repository and can be handled by the trac permission TRAC_ADMIN. |
| 26 | |
| 27 | Admins and developers have an "Admin" button in the wiki. When they use it an admin |
| 28 | can select General : Permissions to configure which users have which level of access: |
| 29 | |
| 30 | 1. To grant anonymous read access (user access) use the bottom right panel with subject |
| 31 | "anonymous" and group "user". |
| 32 | 1. To grant read access (user access) to a named user use the bottom right panel with |
| 33 | the user name as subject and with group "user". |
| 34 | 1. To grant read/write access (developer access) to a named user use the bottom right |
| 35 | panel with the user name as subject and with group "developer". |
| 36 | A user is never given both user and developer access explicitly, developer access |
| 37 | includes user access anyway. If you promote someone from user access to developer |
| 38 | access, you should remove the explicit user access for that user. |
| 39 | 1. To grant admin access to a names user use the top right panel with the user name |
| 40 | as subject and with action "TRAC_ADMIN". |
| 41 | |
| 42 | '''Warning:''' Although admin access includes developer and user access to the wiki and |
| 43 | ticketing system, it does not include any access to the repository through and svn client. |
| 44 | In general an admin is also explicitly a user or a developer. |