!!! Overview
[JSPWiki] decides whether to allow a [Resource Action] by consulting two sources of information:
* [WIKI-ACLs] (Page access control lists) - per-page markup defining access restrictions
* [jspwiki.policy] - a predefined set of privileges for each type of user

!! [{$pagename}] Hierarchy
* [jspwiki.policy]
** [WIKI-ACLs]

!! To make it easy for users to quickly get productive, JSPWiki ships with a fairly loose __default policy__ out of the box:

|| Permission || [Anonymous Users|WIKI-Roles] || [Asserted Users|WIKI-Roles] || [Authenticated Users|WIKI-Roles] || Admin group || Implied Permission
| VIEW all pages | x | x | x | x |
| EDIT all pages | x | x | x | x | VIEW\\COMMENT
| UPLOAD attachments to all pages | | | x | x |
| MODIFY all pages | | | x | x | EDIT\\UPLOAD
| COMMENT on all existing pages | x | x | x | x | VIEW
| CREATE new pages | x | x | x | x |
| RENAME all pages | | | x | x | EDIT
| DELETE all pages | | | | x | EDIT
| VIEW all [WIKI-Groups] | | x | x | x |
| EDIT all [WIKI-Groups] | | | x | x |
| RENAME all [WIKI-Groups] | | | x | x |
| DELETE all [WIKI-Groups] | | | | x |
| CREATE new [WIKI-Groups] | | | x | x |
| CREATE [WIKI-Profile] | x | x | x | x |
| EDIT user preferences | | | x | x |
| EDIT [WIKI-Profile] | | | x | x |

These privileges are the defaults. For page actions such as viewing, editing, and commenting, the privileges can be restricted further by adding [WIKI-ACLs] to particular pages.

It is important to note that [WIKI-ACLs] cannot elevate privileges above those already granted by the [{$pagename}]. For example, if the policy states that Anonymous users can read all pages (but not edit), an ACL on page ''Main'' that attempts to grant the {{Edit}} privilege to Anonymous ''will not work.''

JSPWiki uses the standard Java 2 security policy APIs under the covers. Default permissions are granted using standard local security policy file syntax. When JSPWiki starts up, it loads the default policy file (stored in {{WEB-INF/jspwiki.policy}}).
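
The rule above, that a page ACL can narrow but never widen what the policy grants, as an added Python sketch (a simplified model written for this page, not JSPWiki's own code). The role names and page rows come from the default policy table; the ACL semantics, the tightened {{READ_ONLY_ANON}} policy, and the two sample ACLs are assumptions constructed for illustration.

```python
# Added sketch: a simplified model, not JSPWiki's AuthorizationManager.
# "Implied Permission" column of the default policy table.
IMPLIES = {
    "EDIT": {"VIEW", "COMMENT"},
    "MODIFY": {"EDIT", "UPLOAD"},
    "COMMENT": {"VIEW"},
    "RENAME": {"EDIT"},
    "DELETE": {"EDIT"},
}

# Page rows of the default policy table (CREATE is not a per-page action).
DEFAULT_POLICY = {
    "Anonymous": {"VIEW", "EDIT", "COMMENT"},
    "Asserted": {"VIEW", "EDIT", "COMMENT"},
    "Authenticated": {"VIEW", "EDIT", "UPLOAD", "MODIFY", "COMMENT", "RENAME"},
}

def expand(actions):
    """Return the actions plus everything they imply, transitively."""
    seen, todo = set(), list(actions)
    while todo:
        action = todo.pop()
        if action not in seen:
            seen.add(action)
            todo.extend(IMPLIES.get(action, ()))
    return seen

def allowed(role, action, policy, acl=None):
    """Policy first; a page ACL can then only narrow the result."""
    if action not in expand(policy.get(role, ())):
        return False          # the policy never granted it: no ACL can add it
    if not acl:
        return True           # assumption: no ACL means the policy decides
    # Assumption: with an ACL present, only roles it lists get the action.
    return action in expand(acl.get(role, ()))

# Hypothetical tightened policy: Anonymous may read but not edit.
READ_ONLY_ANON = {**DEFAULT_POLICY, "Anonymous": {"VIEW"}}
# Constructed ACLs for a page named Main.
ACL_GRANT_ANON_EDIT = {"Anonymous": {"EDIT"}}
ACL_AUTH_EDIT_ONLY = {"Authenticated": {"EDIT"}}

if __name__ == "__main__":
    # The page's example: the ACL cannot lift Anonymous above the policy.
    print(allowed("Anonymous", "EDIT", READ_ONLY_ANON, ACL_GRANT_ANON_EDIT))
    # Under the loose default, the same kind of ACL does restrict editing.
    print(allowed("Anonymous", "EDIT", DEFAULT_POLICY, ACL_AUTH_EDIT_ONLY))
    print(allowed("Authenticated", "EDIT", DEFAULT_POLICY, ACL_AUTH_EDIT_ONLY))
```
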

The file at {{WEB-INF/jspwiki.policy}} is the "local policy" and is always read. The local [{$pagename}] supplements the JVM-wide policy.

[JSPWiki]'s default policy is suitable for a small team. It is probably too loose for a corporate intranet or public wiki.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]