November 25, 2024, Monday, 329

Setting user rights in MediaWiki

From NeoWiki

Revision as of 02:22, 15 November 2007 by Neo (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
See also Help:User rights.

This page is about rights within MediaWiki. Beyond that, there is the right to edit the php files, and the right to directly access the database.

Contents

Granting rights to users

There is a simple interface (Special:Userrights) for granting a specific username 'sysop' status or (in MediaWiki 1.11) granting and revoking membership to groups with all associated user rights - a user with 'Bureaucrat' status can enter a username into this form to do this.

Older versions of MediaWiki (prior to 1.5) do not have a general interface for setting the user rights field of user accounts (use Special:Makesysop instead).

In MediaWiki versions before 1.11 assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this (if you're using 1.4 or higher, see below):

> mysql -u root -p

mysql> use wikidb;

mysql> UPDATE user SET user_rights='bureaucrat,sysop' WHERE user_name='The Username';

The "user" in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

Note that you probably need to log out and log back in for the rights information to be properly updated.


MediaWiki version: 1.4 or older

If you are using 1.4: The user_rights field has been removed and the user rights are now located in their own table. The new table is user_rights. It contains two fields; ur_user and ur_rights. This sql query should do the trick.

UPDATE user_rights SET ur_rights="bureaucrat,sysop" WHERE ur_user=1;

You may need to replace the number 1 with the appropriate user id. The user will need to log out and log back in before that user's rights will be in effect.


MediaWiki version: 1.5 or later

If you are using 1.5: The user rights are in a new table called user_groups with two fields called ug_user and ug_group. There must be one row inserted for each user right. You must know the user id number of the user from the "user" table. This sql query should do the trick. In the example below substitute 1 with the user ID number from the user table.

INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'bureaucrat'); 
INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'sysop');

Using phpMyAdmin

If you do not have raw access to mySQL, you can update a user's privileges via phpMyAdmin. First open phpMyAdmin, and from the left-hand frame, choose your wiki's database from the drop-down box. In the right-hand frame, a page will load listing all of the tables in the DB. At top of that page in the right-hand frame, click on the "SQL" tab. You should now see a text-box. Enter the appropriate query in to the box.

For example, if you are trying to give a user Bureaucrat & Sysop privileges in 1.4, you would enter:

UPDATE user_rights SET ur_rights="bureaucrat,sysop" WHERE ur_user=1;

... replacing, of course, the "1" in "ur_user=1" with the user's ID. (You can find this by clicking on the link in the left-hand frame which says "user." Then click the "Browse" tab and find the user's name. The ID will be on the left.)

Then push "GO". If you don't see an "error" message, then it worked.

In newer versions you have to enter (see above)

INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'bureaucrat'); 
INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'sysop');

The main point to remember is NOT to use things like:

> mysql -u root -p

mysql> use wikidb; 

in phpMyAdmin.

User rights levels

sysop

A user marked as 'sysop' can delete and undelete pages, protect and unprotect pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contribs. See Help:Administration for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere.)

developer

This is obsolete and removed from later versions of the software.

Developer has special rights and sees additional features in the Special-Pages (lock / unlock DB) as well in setting User-rights. Only a developer can UN-Set (delete) the Sysop-Rights of an admin....

bureaucrat

This is a user that is allowed to turn other users into sysops via the aforementioned Special:Userrights page...

bot

A registered bot account. Edits by an account with this set will not appear by default in Recent changes; this is intended for mass imports of data without flooding human edits from view. (To show bot edits, either click the "Show bots" link on the Special:Recentchanges page, or append &hidebots=0 directly to the page URL, e.g. like this on Wikipedia, or like this on NeoWiki.)

See the category Wikipedia:Category:Wikipedia vandalism on main Wikipedia.

Revoking user's privileges

Attention! In versions after MediaWiki 1.4, the table user_rights is gone, instead using table user_groups ! see maintenance/tables.sql


In its current development stage, MediaWiki has a web-based interface to create users and make sysops and bureaucrats, but it has no interface for revoking privileges.

Currently, the only way to downgrade user's privileges is through SQL:

UPDATE user SET user_rights='' WHERE user_name='yourusername';

Version 1.4 Mediawiki:

UPDATE user_rights SET ur_rights="" WHERE ur_user=1;

or using Program phpMyAdmin read a textfile into the "TINYBLOB" ur_rights or table user_rights that contains the proper user-entries "sysop,bureaucrat,developer"

--HeliR 12:01, 4 Jan 2005 (UTC)

Configuring access restrictions to your wiki

Also see Preventing Access


For MediaWiki version 1.4 and prior, you can customise user restrictions by placing some or all of the commands below into LocalSettings.php; be sure to place them *below* the following statement:

# this must be above all of your custom changes!
require_once( "includes/DefaultSettings.php" );
# Specify who can edit: true means only logged in users may edit pages
$wgWhitelistEdit = true;

# Pages anonymous (not-logged-in) users may see
$wgWhitelistRead = array ("Main Page", "Special:Userlogin", "Wikipedia:Help");

# Specify who may create new accounts: 0 means no, 1 means yes
$wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 );

If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the Special:Userlogin page. You may manually enter the address http://<YOUR_WIKI_SERVER_ROOT_HERE>/index.php/Special:Userlogin into the address bar, or by clicking Special pages link in the toolbox menu, then click Create an account or log in (the first item available). Warning: Mediawikis in other languages must change the whitelist pagenames. e.g. German: "Spezial:Userlogin" instead of "Special:Userlogin".

If you set $wgWhitelistEdit = true in LocalSettings.php, you may also want to set

$wgShowIPinHeader = false; # For non-logged in users

This removes the link to the talk page in the header for non-logged in users. You may also want to change the contents of your wiki's MediaWiki:Userlogin page from Create an account or log in to Log in.

For version 1.5 and above, see the Help:User_rights page for instructions on configuring access rights.

Other configuration options

This might be useful for cases where editing (or even read access) should be performed by only a select group. MediaWiki can be a useful group collaboration tool on small as well as large scales.

When creating the whitelist, don't forget to add the stylesheet pages, for example "MediaWiki:Monobook.css" and "MediaWiki:Monobook.js". Also add "-" for the default style.

$wgSysopUserBans    = false;      # Allow sysops to ban logged-in users
$wgSysopRangeBans   = false;      # Allow sysops to ban IP ranges