Fossil

Check-in [ba88f4f2]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Clarified the placement of "moderator" and "subscriber" in the power hierarchy expression within www/capabilities.md, since each could float up and down somewhat within the fixed hierarchy we give here. Also fixed a broken URL.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | caps-doc
Files: files | file ages | folders
SHA3-256: ba88f4f2a7ba879c834abd49d5a3c07c1aacf84d8d16e0e505a5c5465f04ef72
User & Date: wyoung 2019-08-23 11:49:29
Context
2019-08-27
01:00
Added (Names) to the "Capability Reference" section of capabilities.md so the reference can be used while reading C source code, which uses these names instead of the capability characters in all code past the login handler. check-in: d48dff8f user: wyoung tags: caps-doc
2019-08-23
11:49
Clarified the placement of "moderator" and "subscriber" in the power hierarchy expression within www/capabilities.md, since each could float up and down somewhat within the fixed hierarchy we give here. Also fixed a broken URL. check-in: ba88f4f2 user: wyoung tags: caps-doc
08:31
Added www/capabilities.md, a complete treatment on user capabilities, user categories, login groups, and administration matters involving all of this. It does not replace the pre-existing admin-v-setup.md doc, but a bit of its content did move into this new doc. The new doc also contains the user capability info previously in the forum.wiki doc. This is on a branch because although it's quite useful already, it could use some work before being merged down. At the barest minimum, there are some unanswered questions in the new doc that need addressing.

This new doc does not replace the existing documentation in the UI. It may be that we end up paring that down a bit now that we have a full doc to refer to, but that is a topic for the forum thread that will appear shortly after this checkin. check-in: 832f107e user: wyoung tags: caps-doc

Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to www/capabilities.md.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
81
82
83
84
85
86
87
88
89
90
91
92















93
94
95
96
97
98
99
Fossil stores a user’s capabilities as an unordered string of ASCII
characters, one capability per, limited to [alphanumerics][an]. Caps are
case-sensitive: “**A**” and “**a**” are different capabilities. We
explain how we came to assign each character [below](#impl).

[an]:   https://en.wikipediAsa.org/wiki/Alphanumeric
[avs]:  ./admin-v-setup.md
[rbac]: https://en.wikipedia.org/wiki/Role-based_access_contro
[sync]: /help?cmd=sync


## <a name="cat"></a>User Categories

Before we explain individual user capabilities and their proper
administration, we want to talk about an oft-overlooked and
................................................................................

When one or more users need to be different from the basic capabilities
defined in user categories, you can assign caps to individual users. For
the most part, you want to simply read the [reference material
below](#ref) when doing such work.

However, it is useful at this time to expand on the mathematical
expression [above](#cat), which covered only the four user categories.
If we bring the individual user capabilities into it, the full hierarchy
of user power in Fossil is:

> *setup* &ge; *admin* &ge; *moderator* &ge; *developer* &ge; *reader* &ge; *subscriber* &ge; *anonymous* &ge; *nobody*

















## <a name="new"></a>New Repository Defaults

When you create a new repository, Fossil creates only one user account
named after your OS user name [by default](#defuser).








|







 







|




>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
Fossil stores a user’s capabilities as an unordered string of ASCII
characters, one capability per, limited to [alphanumerics][an]. Caps are
case-sensitive: “**A**” and “**a**” are different capabilities. We
explain how we came to assign each character [below](#impl).

[an]:   https://en.wikipediAsa.org/wiki/Alphanumeric
[avs]:  ./admin-v-setup.md
[rbac]: https://en.wikipedia.org/wiki/Role-based_access_control
[sync]: /help?cmd=sync


## <a name="cat"></a>User Categories

Before we explain individual user capabilities and their proper
administration, we want to talk about an oft-overlooked and
................................................................................

When one or more users need to be different from the basic capabilities
defined in user categories, you can assign caps to individual users. For
the most part, you want to simply read the [reference material
below](#ref) when doing such work.

However, it is useful at this time to expand on the mathematical
expression [above](#cat), which covered only the four fixed user categories.
If we bring the individual user capabilities into it, the full hierarchy
of user power in Fossil is:

> *setup* &ge; *admin* &ge; *moderator* &ge; *developer* &ge; *reader* &ge; *subscriber* &ge; *anonymous* &ge; *nobody*

The two additions at the top are clear: [setup is all-powerful](#apsu),
and admin users are [subordinate to the setup user(s)](#a).

The moderator insertion could go anywhere from where it’s shown now down
to above the “anonymous” level, depending on what other caps you give to
your moderators. Also, there is not just one type of moderator: Fossil
has [wiki](#l), [ticket](#q), and [forum](#5) moderators, each
independent of the others. Usually your moderators are fairly
high-status users, with developer capabilities or higher.

The placement of “subscriber” in that hierarchy is shorthand for the
sort of subscriber who has registered an account on the repository
purely to [receive email alerts and announcements](#7). Users higher up
the hierarchy can also be subscribers.


## <a name="new"></a>New Repository Defaults

When you create a new repository, Fossil creates only one user account
named after your OS user name [by default](#defuser).