Access Lists and User Groups

Access Lists
Groups
User Group Access Lists
Superhosts and Hosts with Special Permissions
Access Lists for Macros
Troubleshooting
Resources

Access Lists

Access lists are a set of permissions attached to a discussion, folder, or chat room, which determine what privileges are given to individual users or groups of users. Access lists are inherited - that is, unless a discussion or folder has specifically had an access list created for it, it will use the access list of the parent folder.

No Access ListWhen you click on the Access button in the button bar, for a folder or discussion that doesn't have an access list, you get this dialog.

If you want to view the access list it's currently using, click the link to the top-level access list.

If you want to import an access list, click Import and identify the file name. The file must already be in the webx directory on the server. Take care that you identify the filename correctly: if you try to import something from this location other than an access list file, you will corrupt your database!

To create a new access list, click Create Access List.

Figure 2 - Top portion of Access List page:

Access List, top pane

In the top section, individual users and groups of users are listed along with their specific access privileges

Users with no access will not even see the discussion listed in the containing folder. To change access privileges for a given user, click the radio button to set the privileges you wish to invoke. To remove an individual user from the access list, click off the radio button next to the name.

You can also import or export an access list from the buttons in this area.

You can list groups of users instead of individuals in the User Name section.

In the bottom portion of the Access List page you can add users or groups to the list:

Access List, bottom pane

To add users or groups to an access list, type in their names in the more users or groups field, one name per line, specify their access privileges just above, and click Add Users.

Sometimes if the list of names on the access list is too long, you'll need to click Show Access List Only in order to see them all. It's also possible to add users to an access list by looking at a list of all users and choosing (with the checkbox) which users to add. To do this, click Show All in the center of the page. With either of these controls, you can specify a Prefix to indicate to Web Crossing where to start the list. For example, if you wanted all the users from the letter S onward, you would put an S into the prefix box before you clicked the button.

Show User Groups allows you to create groups and add users. See Groups, just below, for more information.

You can limit access to Access Lists to just the sysop, if you wish. Normally all hosts can edit access lists within their own areas. To change this setting, go to the Control Panel > General Settings > Site Information and at the bottom of that section you'll find the checkbox to turn this on or off.

Note: See the sections on Newsgroups and Email for special issues with user access when using those protocols for user participation.


Note: One little oddity about links and access lists: The only way to set an access list for a link is to create the link, then click on it and follow the link. At the location, click on Access List and create the access list. This access list will then be for both the link and the original object. Normally when someone has "no access" for a folder, discussion, etc. they don't even see the item listed in the contents of the containing folder. But with an access list on a link, they will see the link, but are told they don't have access when they attempt to enter.

Groups

Clicking on Show User Groups in the middle of the Access List page gives you a list of all your user groups. There's always a group called "users," containing all your registered users, that is created by default.

User Groups page

To add new groups, choose a name and click on Add New Group. In this example, a new group called "crickets" has already been created. To view the users in any group, click the group name. You'll also be able to add users on that page.

Note: Any privileges given to an individual user will supercede the privileges given to any group of which he or she is a member. For example, if a user is a member of a group given read-only status, he or she can also be individually given host or participant status, with greater privileges, or no-access status, with fewer privileges.

The Access List button here is an access list for the Groups and Access List functions - not a button back to the Access List which brought you here. This is necessary so anyone with host privileges can't add and subtract people to the host group list, for example, without the sysop's approval. For more information see User Group Access Lists below.

You can add users to a specific group at the time of registration. See the Sysop Documentation for more information.

User Group Access Lists

You can restrict access to user groups with an Access List. To find the User Group Access List, click on the Access List for a folder or discussion, and then in the middle of the page, click Show Groups. Clicking on the Access List button on the page listing all the groups will get you to the top-level User Group Access List. If you select a specific group, you'll be given an Access List button which controls access to that specific group. These User Group Access Lists control access to add or subtract users from this group and create and delete groups.

Figure 5 - TopLevel User Group Access List page

User Group Access List page

Names or groups can be added and deleted, as with regular Access Lists.

The access privileges available are:

Superhosts and Hosts with Special Permissions

Superhosts

There's a special category of users called Superhosts. Superhosts have basically sysop-level privileges except they can't change certain configuration settings. Superhosts are generally intended for hosted situations where the true sysop, the hosting ISP, doesn't want the customers to be able to change critical configuration settings such as IP address, etc.

To add Superhosts to your site, go to the Control Panel > User Management > Registered Users > Superhosts and define a group name. Once you actually create a group with that name, any user(s) placed in that group will have superhost privileges. If you don't want superhosts at your site, just leave the field blank.

You can use the WCTL command userIsSuperhost to find out if the user is a member of the superhost group or not. A check for if userIsHostOrSysop will return true for a superhost. Note that for the true sysop, >hostIsSysop is true and userIsSuperhost is false. For superhosts, hostIsSysop and hostIsSuperhost are both true. In other words, a Superhost is considered a sysop for WCTL purposes, but the true sysop is not a Superhost.

So to test to see if the user is the true sysop (i.e. a sysop but not a superhost), you would use:

%% if userIsSysop && !userIsSuperhost %%

Hosts with Special Permissions

If you have hosts who need to use WCTL, you can add them to the "wctlUsers" group. If you have hosts who need to be able to edit CGI web pages, you can add them to the "cgiUsers" group. Superhosts are automatically members of these groups by default.

Access Lists for Macros

As of Web Crossing 4.1+ it's possible to create Web Crossing links to macros. See Linking to Macros and Static Files.

Troubleshooting

I logged in as a test user who'd been given a certain set of access privileges, but my test user didn't have the privileges I expected.

My access lists or user groups lists changed and I didn't do anything to it!

Resources

Sysop Documentation

Sysop Control Panel