Hi Werner, In order to achieve what you are asking for (lock everything up except the homepage), you just need to go to "Administration > Users & Groups > Rights", click on "Users" and under "Unregistered Users" deny the "View" right. This means that unregistered users can not access *any* document (UserDirectory or user profiles are not special so they too will not be accessible) on your wiki, however, compared to the "Prevent unregistered users from viewing pages, regardless of the page or space rights" option, you are free to set up rights and exceptions for unregistered users (like the homepage that you want to leave accessible).
To allow unregistered users to view your homepage, just edit the Rights of the homepage, go to "Users > Unregistered Users" and allow the "View" right. The problem you have now is that the homepage will look weird to unregistered users, because they do not have view access on the skin, on the dashboard, on panels, etc... so you now need to add one by one the elements needed for the homepage to display nicely. Once you are happy with how the homepage looks for guests/unregistered users, you are done. Hope that helps, Eduard On Fri, Aug 29, 2014 at 11:37 AM, Werner Kok <[email protected]> wrote: > Hi, > > Thank you for your reply. > > I have indeed gone through the rights setup and have it configured so that > the Main.WebHome page is publicly accessible, but that all other spaces > require login. > > There is however no way I can see to prevent unregistered user access to > the following spaces in XWiki: > /xwiki/bin/view/Main/UserDirectory > /xwiki/bin/view/XWiki/[username] > > Is there any way to secure these two spaces, without locking down the > entire XWiki installation? > > > Thanks, > Werner > > > > On 13 Aug 2014, at 10:37 AM, Eduard Moraru <[email protected]> wrote: > > > Hi Werner, > > > > By default, the XWiki Enterprise software does not restrict view access > to > > anything in the wiki. It`s up to the administrator that installs his own > > XWiki instance to configure rights based on the requirements of his > > installation. In some cases it's ok to expose users (see www.xwiki.org), > in > > others it may be problematic (like some publicly accessible intranet for > > example). > > > > If you are in the latter case where you need pages to not be viewable by > > certain users (e.g. guests/unregistered users), have a look at XWiki's > > right management > > http://platform.xwiki.org/xwiki/bin/view/Features/RightsManagement ( > with > > more details on > > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights ) and > > properly configure your wiki according to your needs. > > > > Thanks, > > Eduard > > > > > > On Mon, Aug 11, 2014 at 2:13 PM, Werner Kok <[email protected]> > > wrote: > > > >> Hi There, > >> > >> I’ve noticed that an XWiki installation has its user directory as well > as > >> full user profiles openly accessible to the public. > >> > >> Is this not a huge security risk? Or am I missing a configuration > setting > >> somewhere? > >> > >> For example, http://www.xwiki.com has all its users publicly accessible > >> here: http://www.xwiki.com/lang/en/Main/UserDirectory and each user’s > >> complete personal profile details is viewable. > >> > >> Is there a way to secure this information? > >> > >> > >> Thanks, > >> Werner > >> _______________________________________________ > >> users mailing list > >> [email protected] > >> http://lists.xwiki.org/mailman/listinfo/users > >> > > _______________________________________________ > > users mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/users > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
