Authentication, Authorization, and Access Control in Socialtext



Socialtext has three distinct ways of dealing with the question of whether a particular request for a resource or an action will be fulfilled. These are called Authentication, Authorization, and Access control.

Authentication

Authentication is any process by which you verify that someone is who they claim to be. In most cases, this involves registering with a legitimate email address, which becomes the identifier of that person within Socialtext, and a password. The user may also set a first and last name that is used for display purposes in the wiki. In appliance installations other forms of authentication, such as LDAP and Microsoft Active Directory, may be used.

A user becomes a Socialtext Authenticated User after being invited by the administrator of a Socialtext workspace. The invitation is sent by email. The user must verify their identity by choosing a password, receiving a confirmation email sent to the registered address, and clicking a link in that email to complete the registration.
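The invite, choose-password, confirm-by-email, log-in sequence above, as an added example in Python. This is not Socialtext's code: the Registry class, the 24-hour link lifetime, the PBKDF2 work factor and the e-mail addresses are all assumptions made for the illustration. What it shows beyond the prose is the handling a practitioner expects of the confirmation step: only a hash of the token is stored, the token is accepted once and only before it expires, and a password on an unconfirmed account does not log the user in.

```python
import hashlib
import hmac
import secrets
import time

CONFIRM_TTL = 24 * 60 * 60   # assumed lifetime of a confirmation link, in seconds
PBKDF2_ROUNDS = 200_000      # assumed work factor for password hashing


class Registry:
    """Minimal user store for the invite -> set password -> confirm -> log in flow.
    Hypothetical; not Socialtext's implementation."""

    def __init__(self):
        # email -> {"salt": bytes, "hash": bytes, "confirmed": bool}; None until a password is chosen
        self.users = {}
        # sha256(token) -> (email, expiry). Only the hash is stored, so a copied
        # table cannot be replayed as a working confirmation link.
        self.pending = {}

    def invite(self, email):
        """Workspace Administrator invites an address; the account exists but cannot log in yet."""
        self.users.setdefault(email, None)

    def choose_password(self, email, password, now=None):
        """Invited user picks a password. Returns the single-use confirmation token
        that would be emailed to the registered address, or None if the address
        was never invited."""
        if email not in self.users:
            return None
        now = time.time() if now is None else now
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[email] = {"salt": salt, "hash": digest, "confirmed": False}
        token = secrets.token_urlsafe(32)
        self.pending[hashlib.sha256(token.encode()).hexdigest()] = (email, now + CONFIRM_TTL)
        return token

    def confirm(self, token, now=None):
        """The link in the confirmation email carries the token. Accept it once, and
        only before it expires; an unknown, reused or expired token changes nothing."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(key, None)   # pop: a token is never valid twice
        if entry is None:
            return False
        email, expires_at = entry
        if now > expires_at:
            return False
        self.users[email]["confirmed"] = True
        return True

    def authenticate(self, email, password):
        """Log-in check: known address, confirmed, and password matches. Unknown,
        unconfirmed and wrong-password cases all return the same False."""
        record = self.users.get(email)
        if not record or not record["confirmed"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    reg = Registry()
    reg.invite("alice@example.com")            # constructed sample address
    link_token = reg.choose_password("alice@example.com", "correct horse battery")
    print("login before confirming:", reg.authenticate("alice@example.com", "correct horse battery"))
    print("confirm:", reg.confirm(link_token))
    print("login after confirming:", reg.authenticate("alice@example.com", "correct horse battery"))
```

The `now` parameter exists so the expiry rule can be exercised without waiting a day; in production the wall clock is used.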

Authorization

Authorization is finding out if the person is permitted to have the resource or execute the action. This is often determined by finding out if that person is a part of a particular group or has a particular level of privilege. Socialtext uses both of those methods to provide authorization.

A person can be an authorized Member of a wiki. A private wiki has membership defined by invitation, and only a Member may enter that wiki, by logging in with their previously registered email address and password.

A public wiki has a more relaxed policy for authorization. Two lower levels of authorization, called Guest and Authenticated User, provide a mixture of privileges to non-members of public wikis. The details of the pre-defined types and capabilities of private and public wikis are specified in Roles and Permission Sets.

Within a wiki, a Member may become a Workspace Administrator with administrative privileges such as managing the membership of a wiki. Those privileges are granted by an existing Workspace Administrator.

Access Control

Finally, access control is a much more general way of talking about controlling access to a web resource. As you can see in the matrices in Roles and Permission Sets, it is possible to control access to all the wiki functions, such as read, edit, email in and out, attach files, and make comments, on a per role basis in any wiki. If you need a special configuration, contact your appliance system administrator or, for the Socialtext hosted service,
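The role and permission model of the Authorization and Access Control sections above, as an added example in Python. This is not Socialtext's code, and the permission matrix in it is an assumption: the real, authoritative matrices are the ones named in Roles and Permission Sets, which this page does not reproduce. The example keeps the three concerns apart: the authentication result (an unauthenticated request or a verified email address) and workspace membership are combined into one effective role, the per-role permission set for the workspace then decides each action, and anything not listed is denied. It also shows why a private wiki admits only Members: its permission sets simply contain no Guest or Authenticated User entry.

```python
from dataclasses import dataclass, field

# Assumed permission sets, keyed by workspace visibility and then by role. Roles
# absent from a set have no permissions at all (deny by default); that is what
# shuts Guests and non-member Authenticated Users out of a private workspace.
MEMBER_ACTIONS = {"read", "edit", "comment", "attach", "email_in", "email_out"}
PERMISSION_SETS = {
    "private": {
        "member": MEMBER_ACTIONS,
        "workspace_admin": MEMBER_ACTIONS | {"manage_members"},
    },
    "public": {
        "guest": {"read"},
        "authenticated_user": {"read", "comment"},
        "member": MEMBER_ACTIONS,
        "workspace_admin": MEMBER_ACTIONS | {"manage_members"},
    },
}


@dataclass
class Workspace:
    """Hypothetical workspace record; field names are assumptions."""
    name: str
    visibility: str                             # "private" or "public"
    members: set = field(default_factory=set)   # verified email addresses
    admins: set = field(default_factory=set)    # invariant: a subset of members


def resolve_role(user, ws):
    """Combine the authentication result (None for an unauthenticated request,
    otherwise the verified email address) with membership into one effective role."""
    if user is None:
        return "guest"
    if user in ws.admins:
        return "workspace_admin"
    if user in ws.members:
        return "member"
    return "authenticated_user"


def is_allowed(user, ws, action):
    """Authorization: the per-role permission set for this workspace decides.
    Unknown visibility, unknown role and unknown action all fall through to denial."""
    role = resolve_role(user, ws)
    allowed = PERMISSION_SETS.get(ws.visibility, {}).get(role, set())
    return action in allowed


def grant_admin(ws, actor, target):
    """Only an existing Workspace Administrator may promote, and only an existing
    Member can be promoted. Both checks go through the same authorization path
    rather than trusting the caller's word about who it is."""
    if not is_allowed(actor, ws, "manage_members"):
        return False
    if target not in ws.members:
        return False
    ws.admins.add(target)
    return True


if __name__ == "__main__":
    # Constructed sample data: one private and one public workspace.
    team = Workspace("team", "private", members={"alice@example.com", "bob@example.com"},
                     admins={"alice@example.com"})
    help_wiki = Workspace("help", "public", members={"carol@example.com"},
                          admins={"carol@example.com"})
    for user in (None, "dave@example.com", "bob@example.com", "alice@example.com"):
        print(user, "on private:", resolve_role(user, team),
              "read=", is_allowed(user, team, "read"),
              "manage_members=", is_allowed(user, team, "manage_members"))
    print("guest can read public:", is_allowed(None, help_wiki, "read"),
          "guest can edit public:", is_allowed(None, help_wiki, "edit"))
```

Because the matrix is data rather than branches in code, a site-specific configuration of the kind the paragraph above refers to is a change to `PERMISSION_SETS`, not to the checking logic.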


Because these three techniques are so closely related in most real applications, it is difficult to talk about them separately from one another. In particular, authentication and authorization are, in most actual implementations, inextricable.

Note: this explanation adapted from the Apache Foundation documentation for the Apache Web Server on Authentication, Authorization, and Access Control.
