|
7. TWIG's Internal Security ProvidersTWIG allows for restricting access certain features through two separate systems, these systems comprise the internal security providers: Features and options can be disabled using these two systems, however they are mutually exclusive and have a significantly different implementation details. TWIG's Internal Security Provider can be configured through config.inc.php3's $config["security"] setting. 7.1 BasicThe basic provider is similar to TWIG 1's system by using a series of $disabled[] configuration settings, this disables a given feature for all uses of the installation of TWIG. Please see TWIG's Feature Modules for more details on the various $disabled[] values that can be set. 7.2 AdvancedThe advanced provider is a radical departure from TWIG 1's system, instead of using static configurations for each setting, advanced used an Access Control List (ACL) system that allows for features to be activated or disabled for single users or groups of users. Unlike basic, advanced requires some extra setup:
Note: the setup/advanced.acl.population file populates the ACL database such that the TWIGAdministrators group has administrative access to all aspects of TWIG, and the group Everyone has standard access to all the features in TWIG. You can change this later through the administrative feature of TWIG. Once this is accomplished, log on to TWIG as the administrative user you selected. In the main screen under options you should now have an administration option. From the administrative option you can further configure access to the various features of TWIG. By default all new users of the system will be added to the Everyone group. The system admin can define what groups to add new users to by editing the file config/newusergroups.inc.php3 and following the format contained within.
The advanced system does not support the use of $disabled[] except in a few very specific items, they are as follows:
The advanced security system does not support these options due to the fact that these occur prior to the required code being loaded to support the security functions. |
|