|Version 2 (modified by trac, 7 years ago) (diff)|
Table of Contents
Trac uses a simple but flexible permission system to control what users can and can't access.
Permission privileges are managed using the trac-admin tool.
Regular visitors, non-authenticated users, accessing the system are assigned the default role (user) named anonymous. Assign permissions to the anonymous user to set privileges for non-authenticated/guest users.
In addition to these privileges users can be granted additional individual rights in effect when authenticated and logged into the system.
To enable all privileges for a user, use the TRAC_ADMIN permission. Having TRAC_ADMIN is like being root on a *NIX system, it will let you do anything you want.
Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac:
|BROWSER_VIEW||View directory listings in the repository browser|
|LOG_VIEW||View revision logs of files and directories in the repository browser|
|FILE_VIEW||View files in the repository browser|
|CHANGESET_VIEW||View repository check-ins|
|TICKET_VIEW||View existing tickets and perform ticket queries|
|TICKET_CREATE||Create new tickets|
|TICKET_APPEND||Add comments or attachments to tickets|
|TICKET_CHGPROP||Modify ticket properties|
|TICKET_MODIFY||Includes both TICKET_APPEND and TICKET_CHGPROP, and in addition allows resolving tickets|
|TICKET_ADMIN||All TICKET_* permissions, plus the deletion of ticket attachments.|
|MILESTONE_VIEW||View a milestone|
|MILESTONE_CREATE||Create a new milestone|
|MILESTONE_MODIFY||Modify existing milestones|
|MILESTONE_ADMIN||All MILESTONE_* permissions|
|ROADMAP_VIEW||View the roadmap page|
|ROADMAP_ADMIN||Alias for MILESTONE_ADMIN (deprecated)|
|REPORT_SQL_VIEW||View the underlying SQL query of a report|
|REPORT_CREATE||Create new reports|
|REPORT_MODIFY||Modify existing reports|
|REPORT_ADMIN||All REPORT_* permissions|
|WIKI_VIEW||View existing wiki pages|
|WIKI_CREATE||Create new wiki pages|
|WIKI_MODIFY||Change wiki pages|
|WIKI_DELETE||Delete wiki pages and attachments|
|WIKI_ADMIN||All WIKI_* permissions, plus the management of readonly pages.|
|TIMELINE_VIEW||View the timeline page|
|SEARCH_VIEW||View and execute search queries|
|CONFIG_VIEW||Enables additional pages on About Trac that show the current configuration or the list of installed plugins|
Currently the only way to grant privileges to users is by using the trac-admin script. The current set of privileges can be listed with the following command:
$ trac-admin /path/to/projenv permission list
This command will allow the user bob to delete reports:
$ trac-admin /path/to/projenv permission add bob REPORT_DELETE
Permissions can be grouped together to form roles such as developer, admin, etc.
$ trac-admin /path/to/projenv permission add developer WIKI_ADMIN $ trac-admin /path/to/projenv permission add developer REPORT_ADMIN $ trac-admin /path/to/projenv permission add developer TICKET_MODIFY $ trac-admin /path/to/projenv permission add bob developer $ trac-admin /path/to/projenv permission add john developer
Granting privileges to the special user anonymous can be used to control what an anonymous user can do before they have logged in.