Skip to Content
Last modified by Agnease on 2026/05/25 12:52
From version 8.6
edited by Agnease
on 2026/05/25 12:47
Change comment: There is no comment for this version
To version 8.8
edited by Agnease
on 2026/05/25 12:50
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -134,7 +134,24 @@
134 134   </div>
135 135   </section>
136 136  
137 - ## APPROACH
137 + ## ACCESS CONTROL PROCESS
138 + #set ($accessProcessItems = [{
139 + 'title': 'Review the current access setup',
140 + 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.'
141 + },{
142 + 'title': 'Clarify the target model',
143 + 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.'
144 + },{
145 + 'title': 'Validate configuration safely',
146 + 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.'
147 + },{
148 + 'title': 'Apply controlled changes',
149 + 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.'
150 + },{
151 + 'title': 'Document the result',
152 + 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.'
153 + }])
154 +
138 138   <section id="access-control-process" class="split-section" aria-labelledby="process-title">
139 139   <div class="container">
140 140   <div class="split-grid">
... ... @@ -154,26 +154,12 @@
154 154   </div>
155 155  
156 156   <ol class="process-list">
157 - <li>
158 - <strong>Review the current access setup</strong>
159 - Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.
160 - </li>
161 - <li>
162 - <strong>Clarify the target model</strong>
163 - Expected login flow, user provisioning, group mapping, administration model and permission boundaries.
164 - </li>
165 - <li>
166 - <strong>Validate configuration safely</strong>
167 - Test authentication, synchronization and rights behavior before applying changes to production when needed.
168 - </li>
169 - <li>
170 - <strong>Apply controlled changes</strong>
171 - Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.
172 - </li>
173 - <li>
174 - <strong>Document the result</strong>
175 - Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.
176 - </li>
174 + #foreach ($entry in $accessProcessItems)
175 + <li>
176 + <strong>$entry.title</strong>
177 + $entry.content
178 + </li>
179 + #end
177 177   </ol>
178 178   </div>
179 179   </div>
... ... @@ -180,6 +180,24 @@
180 180   </section>
181 181  
182 182   ## SPECIFIC AREAS
186 + #set ($accessAreasItems = [{
187 + 'title': 'Directory configuration',
188 + 'icon': 'server',
189 + 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.'
190 + },{
191 + 'title': 'Group mapping',
192 + 'icon': 'random',
193 + 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.'
194 + },{
195 + 'title': 'Permission structure',
196 + 'icon': 'lock',
197 + 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.'
198 + },{
199 + 'title': 'Security-sensitive rights',
200 + 'icon': 'user-secret',
201 + 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.'
202 + }])
203 +
183 183   <section aria-labelledby="areas-title">
184 184   <div class="container">
185 185   <h2 id="areas-title">Specific areas we can review</h2>
... ... @@ -190,45 +190,16 @@
190 190   </p>
191 191  
192 192   <div class="widgets">
193 - <article class="widget">
194 - <div class="icon" aria-hidden="true">
195 - <i class="fa fa-server"></i>
196 - <h4>Directory<br />configuration</h4>
197 - </div>
198 - <p>
199 - LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.
200 - </p>
201 - </article>
214 + #foreach ($entry in $accessAreasItems)
215 + <article class="widget">
216 + <div class="icon" aria-hidden="true">
217 + <i class="fa fa-$entry.icon"></i>
218 + <h4>$entry.title</h4>
219 + </div>
202 202  
203 - <article class="widget">
204 - <div class="icon" aria-hidden="true">
205 - <i class="fa fa-random"></i>
206 - <h4>Group<br />mapping</h4>
207 - </div>
208 - <p>
209 - Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.
210 - </p>
211 - </article>
212 -
213 - <article class="widget">
214 - <div class="icon" aria-hidden="true">
215 - <i class="fa fa-lock"></i>
216 - <h4>Permission<br />structure</h4>
217 - </div>
218 - <p>
219 - Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.
220 - </p>
221 - </article>
222 -
223 - <article class="widget">
224 - <div class="icon" aria-hidden="true">
225 - <i class="fa fa-user-secret"></i>
226 - <h4>Security<br />sensitive rights</h4>
227 - </div>
228 - <p>
229 - Review of powerful rights such as admin, programming, script and edit rights where they affect security.
230 - </p>
231 - </article>
221 + <p>$entry.content</p>
222 + </article>
223 + #end
232 232   </div>
233 233   </div>
234 234   </section>