wiki:TracUserManagement

Thanks to recent changes to pgluser r10132, access to the Theon Trac is now managed automatically within DICE. As a result of these changes, group membership should not be defined using the Trac admin interface since changes to managed groups will be lost.

For a full list of mapped groups, and to define more, see the appropriate headers:

<dice/options/theon-basecamp.h> (group definition)
<live/theon-basecamp.h>         (non-capability-based group membership)

Access for Trac administration is defined statically in the resource

pgluser.users_TRAC_ADMIN

in the live header; all other access is defined by DICE capability. Each capability corresponds to a Trac group, which itself contains manually-configured permissions (defined in the usual location).

For example, Trac editorial access can be granted with the trac/theon/editor capability, whose powers are defined in Trac but whose membership is defined by DICE roles granting that capability.

Tip: roles granting Trac capabilities can be found quickly with the command:

$ rfe -xf roles/trac.theon
Last modified 6 years ago Last modified on Apr 30, 2013, 6:58:09 PM