3 common rights misconfigurations in XWiki and how to solve them

29 Jun 2022 5 min read

Written by

Andreea Chirica

, Communications and Support Specialist

In this article you will find out a number of most common misconfigurations or actions that can be avoided in XWiki and how they can be handled in order to deal better with future similar scenarios.

1. Rights errors appear throughout the wiki

A user with admin rights is deleted from the wiki, thus all the pages containing scripts where they were the last author will show an error instead of the content of the page.

Solution 1: make users inactive instead of deleting them.
Solution 2: with a user that has programming rights, use this extension (or the script shown in the description of the extension) to replace the admin user with another admin user that is currently active on the instance.

2. Specific users cannot see a wiki page

We've seen this case quite often when an administrator of a wiki writes to the support team that specific users cannot see a page, while others can. The first aspect to check is there are any explicit rights set to users or groups to that page level or on its' parent page (at Page & Children level), if there is one. Let's take the example of the following published blog post on a wiki.

As an admin user, click on the Access Rights option (which is available if it would be a child page). Then, you can check the Users section to see if there are any explicit rights given to a specific user. In this case, an editor of the blog post possibly forgot to remove the explicit rights that would allow only to him to see the blog post.

Solution 1: As a wiki admin, you can remove those explicit rights given to the specific user and leave all cells blank so that all users with View rights given at global level from the wiki administration see the published blog post.
Solution 2: If you do want to restrict who sees certain blog posts, you can set explicit rights on that blog post to groups of users that you would want to be able to see it or even edit it.
Solution 3: You can go even further and set permissions on the Blog home page, at Page and Page & Children level, setting for groups who would be able to view or view and edit blog posts for that specific Blog.

Bonus: you can use this snippet script to find out if a user has rights on a certain page.

3. Access to a parent page is not allowed, but child pages are visible

This usually happens when giving an explicit right on page and/or space (Page & Children) level to other users or to groups from which the user is not part of. Check the following case of a Dashboard page on a wiki. On your wiki you have two groups you'd like to give explicit permissions on the Dashboard parent page and its children: "WikiContributors" and "WikiViewers".

As an admin, you access Administer Page from the page menu and at page and children level, you allow the View, Comment and Modify rights to WikiContributors. You also have a group that you'd like to be able to see the content of the Dashboard page and its children, so you allow the View right to WikiViewers

These allowed rights would not be enough so that the WikiViewers users see the content on the Dashboard parent page. When a user from the WikiViewers would now visit the Dashboard parent page, they would see a message mentioning that they don't have the right to view the page. The problem comes from the situation that on the Page level, the admin user has set explicit rights only to the WikiContributors.

Solution: provide the explicit View right on the Page level for the WikiViewers as well. This will allow the WikiViewers users to see the Dashboard parent page content as well, and not only the children pages.

You may also be interested in: