How do I assign Trac permissions to my users?

There are two ways to assign permissions to a user:

Assign Trac permissions to a User directly

1. Click Add new permissions for a role, then select the User in question.
2. Select the individual permissions you wish to assign using the arrows, or alternatively use the Add read-only permissions or Add read/write permissions buttons. These buttons are simply a shortcut for convenience that copies all the common permissions for that access mode.
3. Click Create to setup the permissions.

Assign Trac permissions indirectly

Trac lets you define a set of permissions that should be applied to all members of a Role, rather than an individual (e.g. ‘developers’, ‘testers’, ‘admin’, etc). These Roles can then be assigned to Users to allow their permissions to me managed collectively.

To do this, start by first defining a role (which typically has the same name as a Group). Then assign this Role as the ‘permission’ for the user(s) in question.

1. Click Add new permissions for a role, then select the Group in question (Groups are identified by a leading @ character in the name).
2. Assign individual permissions that you wish for all members of this Group to have in the same manner as for an individual user.
3. Click Create to setup the Group permissions.

At this point, you have now defined a set of group permissions, but have not assigned them to any Users. You now need to:

1. Click Add new permissions for a role and select the User as the role you wish to assign the group permissions to.
2. Select the Group in question in the permissions list, and assign it to the User. This will have the effect of assigning ALL the permissions previously defined for the Group to that User.

Note: since it can be a tedious process to manually assign Group roles to individual Users, we provide a shortcut button Assign Trac permissions using Group configuration that does this process for you. It does this by using the SVN Group/User mapping defined in the Groups section of the Control Panel.

Please remember: each time you add or remove Users or Groups, you need to to click this button to re-assign Users according to the new Group definitions.

Special Trac-specific roles

The the authenticated and anonymous roles define permissions that you can assign in two special cases:

• The “authenticated” role – This refers to any User that is authenticated with the system. This is useful if you don’t wish to define special roles such as ‘developers’ or ’testers’ etc. You must still remember to add the ‘authenticated’ role to the individual Users you wish to classify as authenticated.
  
  To do this, we provide a shortcut button Assign all current Users to ‘authenticated’ Trac group that will add the authenticated permission to all Users registered in the system. Again, it is necessary to remember to click this button to re-assign this permission every time a User is added or removed from the system.
  
  
• The “anonymous” role – This is a special case that assigns permissions for all Users who have not yet logged in to Trac. Simply add (or remove) permissions here if you want to enable or disable access to your Trac from anonymous (unauthenticated) users.