Wiki Roles
Some thoughts on roles of the people associated with a Wiki
I've tried to make this as general as possible, not dependent on any particular Wiki system or implementation. The following is a classification of the different roles I see people can play in relation to a Wiki.
(I've also edited this now in an attempt to clarify what I mean by "roles" - it seems the concept is clear in my mind, but my writing does not (yet) convey that clarity. Please bear with me... drawing a picture might help but I cannot do that (easily) here.)
The concept of a role
What a role is not
A role is not a person: a single person can have ("play") multiple roles, and a single role can be played by different persons.A role is not a permission: permissions enable people to play (different) roles.
What a role is
Rather, I see a role as referring to a process: a role defines the relationship of a person with a Wiki, how a person is interacting with a Wiki. A role name is a word describing what someone is doing, rather than what someone is allowed to do: when someone is editing a page, obviously that someone does have sufficient "permissions" to be editing or he would not be doing it: thus permissions enable roles, but are not the same thing as roles or even attached to roles.Associated with roles are powers and responsibilities: things a (user playing that) role can or cannot do, and things a role should or should not do. Roles are like hats people wear; when working with a Wiki you may be wearing different hats, but at every moment you're likely to wear only a single one. I find it helps to be aware of what hat you're wearing while doing things "with" or "to" a Wiki, and to wear only a single hat at a time.
Why roles?
My main focus for roles and wanting to name them is that different roles with respect to a Wiki (any Wiki) have and use different user interfaces for that Wiki. I want to talk about user interfaces but in order to do that I need to talk about roles (what someone is doing) first. That's what this page is about.Sorry if this is still not clear; if not, please do comment (more) to force me to make it clear - or let me know if it is any clearer now, in this second incarnation. (Please also keep in mind that I can think a lot faster than I can write; I'll try to communicate what is (at the moment) clear in my own thinking, but that doesn't mean the thought process itself is "complete".)
Definition of WikiRoles
- Before everything else, there's someone who "owns" the place:
In general this role decides to set up a Wiki, and provides hosting (or somehow pays for it). Without an owner, there is no Wiki - someone has to start it all.
In WikiLingo we call this role the WikiOwner.
- First, there's the equivalent of a webmaster or system operator:
This role applies to someone who can do the system-level stuff and takes care of installation and creation of program files and installation and configuration of the database (if any).
In other words: this role enables the existence of the Wiki (on behalf of the WikiOwner), and is responsible for making sure it runs, and runs smoothly. Conversely, this role can also take a Wiki down (again on behalf of the WikiOwner).
In WikiLingo we call this role the WikiMaster.
- Then there is the role of administrator:
This role applies to someone who has the powers to keep things neat and tidy and can assign permissions to (other) users of the Wiki. An administrator generally has special tools to be able to do things like changing configuration and do user management without having to depend on a WikiMaster for direct access to files and database on the server.
In WikiLingo we call this role the WikiAdmin.
- Next, we have editors:
Without editors that are not (also) WikiOwner, WikiMaster or WikiAdmin, we effectively have a personal blogging system, or maybe a CMS (content management system). While WikiMasters and WikiAdmins are special kinds of users, it's the other users that determine the "wikiness" of a system. The editor role in a Wiki is anyone who is creating or editing content: a Wiki's editors determine its content. Generally in the Wiki World, any WikiUser can edit any page but - depending on the application used and its implementation - there may be exceptions determined by the WikiMaster or WikiAdmins, for instance by requiring people to create an account to gain edit rights; and by protecting certain pages so they can be edited only by specific roles or users.
In WikiLingo we call this role the WikiEditor.
When a WikiAdmin has configured the system such that users need an account to play the role of WikiEditor and create and edit content they must choose a WikiName for themselves by which name they'll be known; in this case we must define yet another role:
- Maybe (or hopefully), we also have "mere" visitors:
The role with the least rights is for the one who merely visits: someone who browses the Wiki content (usually without leaving a trace, or maybe leaving anonymous comments) but cannot create or edit content (or does not). Depending on system configuration by the WikiAdmin, a visitor may, or may not, add comments to pages.
In WikiLingo we call this role the WikiVisitor.
The list above omits one role name I had included there previously: that of WikiUser. I now regard this as a generic role: a WikiUser anyone doing something with a Wiki through its web-based user interface. That includes WikiVisitors and WikiEditors; also WikiAdmins if the system not only provides them with special tools, but does so via a Wiki interface.
Summary
So we have the following roles, in order of decreasing (creative or destructive) powers while playing a role:
- WikiEditor (who may choose a WikiName)
In addition I use the concept of WikiUser which applies to anyone using a Wiki through its web-based user interface: WikiVisitor, WikiEditor or WikiAdmin. (Someone playing the role of WikiOwner or WikiMaster generally uses a different user interface to interact with a Wiki application.)
Everyone should be able to edit a wiki, otherwise it is anything else but a wiki.
Just my 2cents.
Or am I missing the point? :-)
I agree that a mature wiki should allow different privileges to different classes of users (not just Admins vs. rest of the world).
I personally don't agree that a wiki with ACL is no more a wiki...
Roles, as I see them, are not the same thing as permissions; and a set of roles is not a hierarchy.
No matter how a Wiki is set up with respect to permissions, *someone* must have taken the decision to set it up in the first place; *someone* must host it, or pay for the hosting - that person has the *role* if WikiOwner: without a WikiOwner, there _is_ no Wiki.
Likewise, *someone* must install the files, the database, and configure the application; that person has the *role* of WikiMaster.
Only after that does a Wiki exist in the first place. Whether "everyone" then has edit access is a matter of implementation; in that case you may not need the *role* of WikiAdmin (but only if you rely on the *role* of WikiMaster to make any necessary changes to the configuration). Even if the *role* of WikiAdmin may not exist, _when_ someone is editing or adding content, that someone has the *role* of WikiUser; and _when_ someone is merely browsing the content, that someone has the *role* if WikiVisitor.
Roles are merely a clarification of how people (or even a single person) *interact* with a Wiki; there is no contradiction with a Wiki where everyone has write access. Someone still has to create it, someone still has to set it up and configure it.
No, my idea of WikiRoles is not intended as a way to suggest that Group Management is welcome. That said, Group management is welcome as far as I'm concerned. I see a group merely as a "collection" of people; as a "shorthand notation" for a list of users.
If you have groups - in that sense - then the groups themselves don't have roles though they may have permissions. (A group cannot do configuration, a group cannot edit content - only its members can do such things). Only group *members* (members that are not themselves groups, if you want group hierarchies) can have roles.
I didn't come up with my idea of roles as a way to tackle user management, though there is clearly a relationship. The idea sprouted from trying to describe a "pattern" for an action program while working on a few last weekend and I realised that I could not talk about a pattern for an action without talking about roles - so I had to define my concept of roles first.
(See also my reply to AndreaRossato)
And I agree that a Wiki with permissions (whether implemented as ACLs or via some other mechanism) can still be a Wiki though there is a grey area before it is so tied down it effectively becomes a WikiBlog. :) Even the very open WikiPedia where everyone can edit content has a WikiAdmin role and tools for that role.
This concept has its roots in Windows and Database administration.
I'm just not sure whether this level of security is required. That is, if the default configuration of a wiki allows the homepage to be editted by anyone/everyone, then you could consequentially say that roles don't really have a place.
One problem I found with roles is that if you don't have a heirachy, then you're going to have problems. For example, if a user belongs to more than one role, then you're going to get an example where UserX belongs to WikiAdmin and WikiVisitor. If he decides to change WikiVisitor permissions to readonly, then will he still have write permissions?
You're looking at a very complicated script with quantitative "Priority Overrides" for certain roles. Any ideas on how IfAdmin() will be calculated?
As a side issue, ACLs are implemented (apparently) in the order that they are entered. So if you ban UserX then "*", UserX will not be banned. I think :) Its a slightly more simple and less powerful control than roles.
Hell, what about DB roles, considering Wikka uses mySQL?
I've now partially rewritten the page after your comment made it clear(er) to me that my ideas were clear in my mind, but not all that clear in my writing. :) I see roles (here) as describing actual interaction of people with a Wiki though I'm fully aware that in some other contexts (notably Database Management systems) "role" may have a different meaning, which will be confusing. I see permissions as enabling roles, not synonymous with it; and there are other contexts where "role" is used in that meaning.
I don't quite agree though that the "concept has its roots in Windows and Database administration" - this type of concept existed long before Windows existed and even before there were graphical user interfaces. Database adminstration and in general Systems administration is closer to the mark.
You bring up some important issues related to "groups" and assigning permissions to groups though. I'll get back to that.
DB roles? Hmmm ... if a Wiki is hosted (and the server it's hosted on not under full control of the WikiOwner or WikiMaster) then someone playing the role of WikiMaster may not be the actual database administrator (which in that case would be someone at the hoster's company). And that may, or may not, pose some hurdles, depending on the facilities provided by the hoster. Maybe I should also define other "external" roles that have an influence on how a Wiki can function?
You do not "assign" them - people "assign" them automatically by how they are using the wiki at any particular moment. Please read "what a role is not" and "what a role is":
"process: a role defines the relationship of a person with a Wiki, how a person is interacting with a Wiki. A role name is a word describing what someone is doing, rather than what someone is allowed to do."