Mediawiki Security Matrix

From Micylou WIKI
Revision as of 13:56, 14 April 2021 by DochyJP
Source: DataSource
Language: English
Topic: Mediawiki
SubTopic: Security
Last Edit By: DochyJP
LastEdit: 2021-04-14
Document type: Documentation
Status: Active
Access: free

Micylou Standard Mediawiki Security Matrix

Defaults

Micylou builds its start-up solution on the original Mediawiki LTS package and includes additional extensions.

Therefore, the roles and rights included in these extensions are taken into account, even if the extension is not activated.

Roles by groups

Source | Permission | Description | By default | As from | * Reset | * Granted | User Reset | User Granted | sysop Granted | Bot Granted | Bureaucrat Granted | Linux-Admin Granted | Wiki-Admin Granted | Wiki-Moderator Granted | Wiki-Editor Granted | Wiki-Updater Granted
Default Mediawiki apihighlimits Use higher limits in API queries bot, sysop 1.12+
Default Mediawiki applychangetags Apply tags along with one's changes user 1.25+ X X X X
Default Mediawiki autoconfirmed Not be affected by IP-based rate limits - used for the 'autoconfirmed' group, see the other table below for more information autoconfirmed, bot, sysop 1.6+
Default Mediawiki autocreateaccount Automatically log in with an external user account - a more limited version of createaccount 1.27+ X LDAP REQUIREMENT
Default Mediawiki autopatrol Have one's own edits automatically marked as patrolled - $wgUseRCPatrol must be true bot, sysop 1.9+ X X
Default Mediawiki bigdelete Delete pages with large histories (as determined by $wgDeleteRevisionsLimit) sysop 1.12+ X X
Default Mediawiki block Block other users from editing - Block options include preventing editing and registering new accounts, and autoblocking other users on the same IP address sysop 1.5+ X X X
Default Mediawiki blockemail Block a user from sending email - allows preventing use of the Special:Emailuser interface when blocking - requires the block right sysop 1.11+ X X X X
Default Mediawiki bot Be treated as an automated process - can optionally be viewed bot 1.5+
Default Mediawiki browsearchive Search deleted pages - through Special:Undelete sysop 1.13+ X X X X X
Default Mediawiki changetags Add and remove arbitrary tags on individual revisions and log entries - currently unused by extensions user 1.25+ X X X X X X X
Default Mediawiki createaccount Create new user accounts - register / registration *, sysop 1.5+ X X X X X
Default Mediawiki createpage Create pages (which are not discussion pages) - requires the edit right *, user 1.6+ X X X X X X X X
Default Mediawiki createtalk Create discussion pages - requires the edit right *, user 1.6+ X X X
Default Mediawiki delete allows the deletion or undeletion of pages. sysop 1.5+ X X X X X X X
Default Mediawiki deletechangetags Delete tags from the database - currently unused by extensions sysop 1.28+ X
Default Mediawiki deletedhistory View deleted history entries, without their associated text sysop 1.6+ X X X X X X
Default Mediawiki deletedtext View deleted text and changes between deleted revisions sysop X X X X X X
Default Mediawiki deletelogentry Delete and undelete specific log entries - allows deleting/undeleting information (action text, summary, user who made the action) of specific log entries - requires the deleterevision right (not available by default) sysop 1.20+ X X
Default Mediawiki deleterevision Delete and undelete specific revisions of pages - allows deleting/undeleting information (revision text, edit summary, user who made the edit) of specific revisions Split into deleterevision and deletelogentry in 1.20 (not available by default) sysop 1.6+ X X X X X
Default Mediawiki edit Edit pages *, user 1.5+ X X X X X X
Default Mediawiki editcontentmodel Edit the content model of a page user 1.23.7+ X X X X X X X
Default Mediawiki editinterface Edit the user interface - contains interface messages. For editing sitewide CSS/JSON/JS, there are now separate rights, see below. sysop, interface-admin 1.5+ X X X
Default Mediawiki editmyoptions Edit your own preferences * 1.22+ X X X X X X X
Default Mediawiki editmyprivateinfo Edit your own private data (e.g. email address, real name) * 1.22+ X X X X X X X
Default Mediawiki editmyusercss Edit your own user CSS files - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the editusercss right) user 1.22+ X
Default Mediawiki editmyuserjs Edit your own user JavaScript files - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the edituserjs right) user 1.22+ X
Default Mediawiki editmyuserjson Edit your own user JSON files (note that this is not needed if the group already has the edituserjson right) user 1.31+ X
Default Mediawiki editmywatchlist Edit your own watchlist. Note some actions will still add pages even without this right. * 1.22+ X
Default Mediawiki editprotected Edit pages protected as "Allow only administrators" - without cascading protection sysop 1.13+ X X X X X
Default Mediawiki editsemiprotected Edit pages protected as "Allow only autoconfirmed users" - without cascading protection autoconfirmed, bot, sysop 1.22+ X X X X X
Default Mediawiki editsitecss Edit sitewide CSS interface-admin 1.32+ X X X
Default Mediawiki editsitejs Edit sitewide JavaScript interface-admin 1.32+ X X X
Default Mediawiki editsitejson Edit sitewide JSON sysop, interface-admin 1.32+ X X X
Default Mediawiki editusercss Edit other users' CSS files interface-admin 1.16+ X X X
Default Mediawiki edituserjs Edit other users' JavaScript files interface-admin 1.16+ X X X
Default Mediawiki edituserjson Edit other users' JSON files sysop, interface-admin 1.31+ X X X
Default Mediawiki hideuser Block a username, hiding it from the public - (not available by default) 1.10+ X X X X
Default Mediawiki import Import pages from other wikis - “transwiki” sysop 1.5+ X X X X
Default Mediawiki importupload Import pages from a file upload - This right was called 'importraw' in and before version 1.5 sysop 1.5+ X X X
Default Mediawiki ipblock-exempt Bypass IP blocks, auto-blocks and range blocks sysop 1.9+ X X X
Default Mediawiki managechangetags Create and (de)activate tags - currently unused by extensions sysop 1.25+ X X X
Default Mediawiki markbotedits Mark rolled-back edits as bot edits - see Manual:Administrators#Rollback sysop 1.12+ X X X
Default Mediawiki mergehistory Merge the history of pages sysop 1.12+ X X X
Default Mediawiki minoredit Mark edits as minor user 1.6+ X X X X X X
Default Mediawiki move Move pages - requires the edit right user, sysop 1.5+ X X X X X X
Default Mediawiki move-categorypages Move category pages - requires the move right user, sysop 1.25+ X X X X X
Default Mediawiki movefile Move files - requires the move right and $wgAllowImageMoving to be true user, sysop 1.14+ X X X X X
Default Mediawiki move-rootuserpages Move root user pages - requires the move right user, sysop 1.14+ X X X X X
Default Mediawiki move-subpages Move pages with their subpages - requires the move right user, sysop 1.13+ X X X X X
Default Mediawiki nominornewtalk Not have minor edits to discussion pages trigger the new messages prompt - requires the minor edit right bot 1.9+
Default Mediawiki noratelimit Not be affected by rate limits (prior to the introduction of this right, the configuration variable $wgRateLimitsExcludedGroups was used for this purpose) sysop, bureaucrat 1.13+ X X X X
Default Mediawiki override-export-depth Export pages including linked pages up to a depth of 5 ? X X X X
Default Mediawiki pagelang Change page language - $wgPageLanguageUseDB must be true 1.24+ X X X X
Default Mediawiki patrol Mark others' edits as patrolled - $wgUseRCPatrol must be true sysop 1.5+ X X X
Default Mediawiki patrolmarks View recent changes patrol marks 1.16+ X X X X X
Default Mediawiki protect Change protection levels and edit cascade-protected pages sysop 1.5+ X X X X
Default Mediawiki purge Purge the site cache for a page - URL parameter "&action=purge" user 1.10+ X X X X
Default Mediawiki read Read pages - when set to false, override for specific pages with $wgWhitelistRead 1.5+ X X
Default Mediawiki readapi *, user, bot 1.13+ X X X X X X X X X X X
Default Mediawiki reupload Overwrite existing files - requires the upload right user, sysop 1.6+ X X X X X X X
Default Mediawiki reupload-own Overwrite existing files uploaded by oneself - requires the upload right (note that this is not needed if the group already has the reupload right) 1.11+ X X X X X X X
Default Mediawiki reupload-shared Override files on the shared media repository locally - (if one is set up) with local files (requires the upload right) user, sysop 1.6+ X X X X X X X
Default Mediawiki rollback Quickly rollback the edits of the last user who edited a particular page sysop 1.5+ X X X X
Default Mediawiki sendemail Send email to other users user 1.16+ X X X X X X X X X
Default Mediawiki siteadmin Lock and unlock the database - which blocks all interactions with the web site except viewing. (not available by default) 1.5+ X X X X
Default Mediawiki suppressionlog View private logs 1.6+ X X X X
Default Mediawiki suppressredirect Not create redirects from source pages when moving pages bot, sysop 1.12+ X X X
Default Mediawiki suppressrevision View, hide and unhide specific revisions of pages from any user - Prior to 1.13 this right was named hiderevision (not available by default) 1.6+ X X X
Default Mediawiki unblockself Unblock oneself - Without it, an administrator that has the capability to block cannot unblock themselves if blocked by another administrator sysop 1.17+ X X X
Default Mediawiki undelete Undelete a page - requires the deletedhistory right sysop 1.12+ X X X X X
Default Mediawiki unwatchedpages View a list of unwatched pages - lists pages that no user has watchlisted sysop 1.6+ X X X
Default Mediawiki upload Upload files - requires the edit right and $wgEnableUploads to be true user, sysop 1.5+ X X X X X X X X X
Default Mediawiki upload_by_url Upload files from a URL - requires the upload right (Prior to 1.20 it was given to sysops) 1.8+ X X X
Default Mediawiki userrights Edit all user rights - allows the assignment or removal of all* groups to any user. bureaucrat 1.5+ X X X X
Default Mediawiki userrights-interwiki Edit user rights of users on other wikis 1.12+ X X X
Default Mediawiki viewmyprivateinfo View your own private data (e.g. email address, real name) * 1.22+ X X
Default Mediawiki viewmywatchlist View your own watchlist * 1.22+ X X
Default Mediawiki viewsuppressed View revisions hidden from any user - i.e. a more narrow alternative to "suppressrevision" (note that this is not needed if the group already has the suppressrevision right) 1.24+ X X X
Default Mediawiki writeapi Use of the write API *, user, bot 1.13+ X X X X X X X X X X X
ExtensionRevsApprove $egApprovedRevsBlankIfUnapproved FALSE
ExtensionRevsApprove $egApprovedRevsShowApproveLatest TRUE
ExtensionRevsApprove $egApprovedRevsShowNotApprovedMessage TRUE
ExtensionRevsApprove approverevision X X X X X
ExtensionRevsApprove $egApprovedRevsAutomaticApprovals FALSE
ExtensionRevsApprove viewapprover X X X X X X X X X X X X
ExtensionRevsApprove viewlinktolatest X X X X X X
Extension UserMerge usermerge X X X X
Extension EditUser edituser X X X
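
A lint for a group-to-rights matrix, built from the "requires the ... right" and "not needed if the group already has ..." notes in the table above. This is an added example, not part of Micylou's configuration: the sample assignments and function names are constructed, and it assumes rights are additive across `*`, `user` and the named group (it ignores `$wgRevokePermissions`).

```python
# Prerequisites taken from the "requires the ... right" notes in the matrix.
REQUIRES = {
    "blockemail": "block", "createpage": "edit", "createtalk": "edit",
    "deletelogentry": "deleterevision", "move": "edit",
    "move-categorypages": "move", "movefile": "move",
    "move-rootuserpages": "move", "move-subpages": "move",
    "nominornewtalk": "minoredit", "reupload": "upload",
    "reupload-own": "upload", "reupload-shared": "upload",
    "undelete": "deletedhistory", "upload": "edit", "upload_by_url": "upload",
}
# Narrow right -> broader right that already covers it ("not needed if ...").
REDUNDANT_IF = {
    "editmyusercss": "editusercss", "editmyuserjs": "edituserjs",
    "editmyuserjson": "edituserjson", "reupload-own": "reupload",
    "viewsuppressed": "suppressrevision",
}

def effective_rights(matrix, group):
    """Rights a member of `group` holds: own group plus implicit '*' and 'user'."""
    rights = set(matrix.get(group, ())) | set(matrix.get("*", ()))
    if group != "*":  # assumption: members of named groups are logged in
        rights |= set(matrix.get("user", ()))
    return rights

def lint_group(matrix, group):
    """Return (kind, right, other) findings for rights granted to `group`."""
    have = effective_rights(matrix, group)
    findings = []
    for right in sorted(matrix.get(group, ())):
        needed = REQUIRES.get(right)
        if needed and needed not in have:
            findings.append(("unusable", right, needed))   # prerequisite missing
        broader = REDUNDANT_IF.get(right)
        if broader in have:
            findings.append(("redundant", right, broader))  # already covered
    return findings

# Constructed sample matrix; group names come from the column headers above,
# the assignments do not reflect the real (restricted) configuration.
SAMPLE = {
    "*": ["read"],
    "user": ["edit", "createpage"],
    "Wiki-Updater": ["upload", "reupload-own", "movefile"],
    "Wiki-Moderator": ["blockemail", "undelete", "deletedhistory",
                       "reupload", "reupload-own", "upload"],
}

if __name__ == "__main__":
    for g in SAMPLE:
        print(g, lint_group(SAMPLE, g))
```

An "unusable" finding means the grant has no effect until its prerequisite is also granted; a "redundant" finding is a candidate for removal when trimming a group to least privilege.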





Security matrix of our default solution set up in LocalSettings.php - restricted access

View of the detailed Mediawiki Security Configuration is restricted.


