MediaWiki: Additional user group and non-default permissions

I had to deploy some king of Knowledge Base web application, my first choice was a Wiki for it’s easy page creation and edition. There is one major drawback, Wiki was originally designed to be editable any and all users. A drawback that can be overcome by proper configuration.

I had previous configuration experience with MediaWiki and I chose to try it first. My configuration requirements are simple:Any

  • Any user can register/create an account – this way I would not have to do it.
  • Reading, changing and creation of pages would be restricted to user’s in a custom group.

I was looking long to find default MediaWiki group list to extend it with my custom one. There is no such default list. All default groups are used in code through the system.

As it transpired you can add any custom group just by setting a custom permission to a custom group name. So this configuration setting did the trick:


$wgGroupPermissions['*'    ]['createaccount']   = true;
$wgGroupPermissions['*'    ]['read']            = false;
$wgGroupPermissions['*'    ]['edit']            = false;
$wgGroupPermissions['*'    ]['createpage']      = false;
$wgGroupPermissions['*'    ]['createtalk']      = false;

$wgGroupPermissions['CustomGroupName']['read']          = true;
$wgGroupPermissions['CustomGroupName']['edit']          = true;
$wgGroupPermissions['CustomGroupName']['createpage']    = true;
$wgGroupPermissions['CustomGroupName']['createtalk']    = true;

$wgGroupPermissions['user' ]['move']            = false;
$wgGroupPermissions['user' ]['read']            = false;
$wgGroupPermissions['user' ]['edit']            = false;
$wgGroupPermissions['user' ]['createpage']      = false;
$wgGroupPermissions['user' ]['createtalk']      = false;
$wgGroupPermissions['user' ]['upload']          = false;
$wgGroupPermissions['user' ]['reupload']        = false;
$wgGroupPermissions['user' ]['reupload-shared'] = false;
$wgGroupPermissions['user' ]['minoredit']       = false;
$wgGroupPermissions['user' ]['purge']           = false;

This is not yet tested so if you plan to put some confidential data please read this first.

Leave a Reply

Back to Top