Open main menu

매뉴얼:유저 권한

This page is a translated version of the page Manual:User rights and the translation is 19% complete.

Outdated translations are marked like this.
Other languages:
Bahasa Indonesia • ‎Deutsch • ‎English • ‎Tagalog • ‎dansk • ‎español • ‎français • ‎italiano • ‎polski • ‎português do Brasil • ‎čeština • ‎русский • ‎српски / srpski • ‎українська • ‎हिन्दी • ‎মেইতেই লোন্ • ‎ไทย • ‎中文 • ‎日本語 • ‎한국어

사용자 권한사용자 그룹에 할당할 수 있는 특정한 접근과 권한입니다.

미디어위키는 기본적인 유저 권한 및 유저 그룹을 가지고 있습니다. 그러나 유저가 편집할 수 있습니다. 이 페이지는 기본 권한과 그룹 및 사용자 편집 방법을 설명합니다.

그룹에서 개별 wiki 사용자를 추가 및 제거하는 방법에 대한 정보는, Help:사용자 권한 및 그룹 , Manual:Setting user groups in MediaWiki 를 보세요.


권한 목록

기본 MediaWiki 설치는 기본 그룹에 특정 권한을 할당합니다 (아래 참조). 구문을 사용하여 LocalSettings.php 에서 $wgGroupPermissions 배열을 편집하여 기본 권한을 변경할 수 있습니다.

$wgGroupPermissions['group']['right'] = true /* 또는 거짓 */;
기본 설치에서 $wgGroupPermissions는 includes/DefaultSettings.php에 설정되지만, LocalSettings.php에는 기술되지 않습니다. You will then need to add it in that file.

If a member has multiple groups, they get all of the permissions from each of the groups they are in. All users, including anonymous users, are in the '*' group; all registered users are in the 'user' group. In addition to the default groups, you can arbitrarily create new groups using the same array.


This example will disable viewing of all pages not listed in $wgWhitelistRead , then re-enable for registered users only:

$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting '*' to false doesn't disable rights for groups that have the right separately set to true!
$wgGroupPermissions['user']['read'] = true;

This example will disable editing of all pages, then re-enable for users with confirmed email addresses only:

# Disable for everyone.
$wgGroupPermissions['*']['edit']              = false;
# Disable for users, too: by default 'user' is allowed to edit, even if '*' is not.
$wgGroupPermissions['user']['edit']           = false;
# Make it so users with confirmed email addresses are in the group.
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
# Hide group from user list.
$wgImplicitGroups[] = 'emailconfirmed';
# Finally, set it to true for the desired group.
$wgGroupPermissions['emailconfirmed']['edit'] = true;

Creating a new group and assigning permissions to it

$wgGroupPermissions['<group-name>']에 권한을 지정해 줌으로써 새로운 유저 그룹을 만들수 있습니다. <group-name>는 그룹 이름을 의미합니다.

Additionally to assigning permissions, you should create these three wiki pages with fitting content:

  • MediaWiki:Group-<group-name> (content: Name of the group)
  • MediaWiki:Group-<group-name>-member (content: Name of a member of the group)
  • MediaWiki:Grouppage-<group-name> (content: Name of the group page)

By default, bureaucrats can add users to, or remove them from, any group. However, if you are using 매뉴얼:$wgAddGroups and Manual:$wgRemoveGroups , you may need to customize those instead.


이 예제는 사용자를 차단하고 페이지를 삭제할 수 있고 모든 편집은 기본적으로 최근 바뀜에서 숨겨지는 독단적인 "닌자" 그룹을 만들겠습니다.

$wgGroupPermissions['ninja']['bot']    = true;
$wgGroupPermissions['ninja']['block']  = true;
$wgGroupPermissions['ninja']['delete'] = true;
Note: 그룹 이름은 띄어쓰기를 포함할 수 없습니다. 'random group' 대신 'random-group'이나 'random_group'를 사용하세요.

In this example, you would probably also want to create these pages:

  • MediaWiki:Group-ninja (content: Ninjas)
  • MediaWiki:Group-ninja-member (content: ninja)
  • MediaWiki:Grouppage-ninja (content: Project:Ninjas)

This will ensure that the group will be referred to as “Ninjas” throughout the interface, and a member will be referred to as a “ninja”, and overviews will link the group name to Project:Ninjas.

This example disables write access (page editing and creation) by default, creates a group named “Write”, and grants it write access. Users can be manually added to this group via Special:UserRights:

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['Write']['edit'] = true;
$wgGroupPermissions['Write']['createpage'] = true;

In this example, you would probably also want to create these pages:

  • MediaWiki:Group-Write (content: Writers)
  • MediaWiki:Group-Write-member (content: Writer)
  • MediaWiki:Grouppage-Write (content: Project:Write)

Removing predefined groups

MediaWiki out of the box comes with a number of predefined groups. Most of these groups can be removed by unsetting the according array keys, among them $wgGroupPermissions['<group-name>']. For details see below.


This example will eliminate the bureaucrat group entirely. It is necessary to ensure that all six of these variables are unset for any group that one wishes to remove from being listed at Special:ListGroupRights; however, merely unsetting $wgGroupPermissions will suffice to remove it from Special:UserRights. This code should be placed after any require_once lines that add extensions such as 확장 기능:Renameuser containing code that gives bureaucrats group permissions by default.

unset( $wgGroupPermissions['bureaucrat'] );
unset( $wgRevokePermissions['bureaucrat'] );
unset( $wgAddGroups['bureaucrat'] );
unset( $wgRemoveGroups['bureaucrat'] );
unset( $wgGroupsAddToSelf['bureaucrat'] );
unset( $wgGroupsRemoveFromSelf['bureaucrat'] );

In some extensions (Flow, Semantic MediaWiki, etc.), rights are added during extension registration or in a registration function. In this case, it could be necessary to use a registration function in LocalSettings.php to remove some predefined user groups:

$wgExtensionFunctions[] = function() use ( &$wgGroupPermissions ) {
    unset( $wgGroupPermissions['oversight'] );
    unset( $wgGroupPermissions['flow-bot'] );

Note on the group called “user”

With the above mechanism, you can remove the groups sysop, bureaucrat and bot, which - if used - can be assigned through the usual user permission system. However, it is currently impossible to remove the user group. This group is not assigned through the usual permission system. Instead, every logged in user automatically is member of that group. This is hardcoded in MediaWiki and currently cannot be changed easily.

권한 목록

The following user rights are available in the latest version of MediaWiki. If you are using an older version, look at “Special:Version” on your wiki and see if your version is covered in the “Versions” column.

권한 설명 User groups that have this right by default 버전
read 문서 읽기 - when set to false, override for specific pages with $wgWhitelistRead
  경고: Setting the user right "read" (allow viewing pages) to false will only protect wiki (article, talk, ...) pages, but uploaded files (images, files, docs... in the $wgUploadPath subdirectories) will always remain readable via direct access by default.
Use the information from Manual:Image Authorisation and img_auth.php pages when you have the need to restrict image views and file download access to only logged-in users.
*, user 1.5+
applychangetags 자신이 편집할 때 태그를 적용하기 user 1.25+
autocreateaccount 외부 사용자 계정으로 자동 로그인 - a more limited version of createaccount 1.27+
createaccount 새 사용자 계정 만들기 - register / registration *, sysop 1.5+
createpage 문서 만들기 (토론 문서 제외) - requires the edit right *, user 1.6+
createtalk 토론 문서 만들기 - requires the edit right *, user 1.6+
edit 문서 편집 *, user 1.5+
editsemiprotected "Allow only autoconfirmed users"로 보호된 문서 편집 - without cascading protection autoconfirmed, bot, sysop 1.22+
editprotected "Allow only administrators"로 보호된 문서 편집 - without cascading protection sysop 1.13+
minoredit 사소한 편집으로 표시 user 1.6+
move 문서 이동 - requires the edit right user, sysop 1.5+
move-categorypages 분류 문서 이동 - requires the move right user, sysop 1.25+
move-rootuserpages 최상위 사용자 문서 이동 - requires the move right user, sysop 1.14+
move-subpages 문서와 하위 문서 이동하기 - requires the move right user, sysop 1.13+
movefile 파일 이동 - requires the move right and $wgAllowImageMoving to be true user, sysop 1.14+
reupload 이미 존재하는 파일을 다시 올리기 - requires the upload right user, sysop 1.6+
reupload-own 자신이 이미 올린 파일 덮어쓰기 - requires the upload right (note that this is not needed if the group already has the reupload right) 1.11+
reupload-shared 공용의 파일을 무시하고 로컬에서 파일 올리기 - (if one is set up) with local files (requires the upload right) user, sysop 1.6+
sendemail 다른 사용자에게 이메일 보내기 user 1.16+
upload 파일 올리기 - requires the edit right and $wgEnableUploads to be true user, sysop 1.5+
upload_by_url URL 주소에서 파일 올리기 - requires the upload right (Prior to 1.20 it was given to sysops) 1.8+
bigdelete 문서 역사가 긴 문서를 삭제 (as determined by $wgDeleteRevisionsLimit ) sysop 1.12+
block 다른 사용자가 편집을 못하도록 차단 - Block options include preventing editing and registering new accounts, and autoblocking other users on the same IP address sysop 1.5+
blockemail 다른 사용자가 이메일을 보내지 못하도록 차단 - allows preventing use of the Special:Emailuser interface when blocking sysop 1.11+
browsearchive 삭제된 문서 검색 - through Special:Undelete sysop 1.13+
changetags 문서의 특정 판과 특정 기록 항목에 임의의 태그를 추가하거나 제거하기 - currently unused by extensions user 1.25+
delete 문서 삭제 1.5–1.11: allows the deletion or undeletion of pages.
1.12+: allows the deletion of pages. For undeletions, there is now the 'undelete' right, see below
sysop 1.5+
deletedhistory 삭제된 문서의 내용을 제외한 역사를 보기 sysop 1.6+
deletedtext 삭제된 문서의 내용과 편집상의 차이를 보기 sysop
deletelogentry 특정 기록 항목을 삭제 및 되살리기 - allows deleting/undeleting information (action text, summary, user who made the action) of specific log entries (not available by default) 1.20+
deleterevision 문서의 특정 판을 삭제 및 되살리기 - allows deleting/undeleting information (revision text, edit summary, user who made the edit) of specific revisions Split into deleterevision and deletelogentry in 1.20 (not available by default) 1.6+
editcontentmodel 문서의 콘텐츠 모델을 편집 user 1.23.7+
editinterface 사용자 인터페이스를 편집 - contains interface messages. For editing sitewide CSS/JSON/JS, there are now segregate rights, see below. sysop, interface-admin 1.5+
editmyoptions 자신의 환경 설정 편집 * 1.22+
editmyprivateinfo 자신의 개인정보 편집 (이메일 주소, 실명 등) * 1.22+
editmyusercss 자신의 사용자 CSS 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the editusercss right) user 1.22+
editmyuserjs 자신의 사용자 자바스크립트 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the edituserjs right) user 1.22+
editmyuserjson 자신의 사용자 JSON 파일 편집하기 (note that this is not needed if the group already has the edituserjson right) user 1.31+
editmywatchlist 자신의 주시문서 목록을 편집합니다. 이 권한이 없어도 문서를 추가할 수 있는 권한이 이외에도 있음을 참고하세요. * 1.22+
editsitecss 사이트 CSS 편집 interface-admin 1.32+
editsitejs 사이트 자바스크립트 편집 interface-admin 1.32+
editsitejson 사이트 JSON 편집 sysop, interface-admin 1.32+
editusercss 다른 사용자의 CSS 문서를 편집 interface-admin 1.16+
edituserjs 다른 사용자의 자바스크립트 문서를 편집 interface-admin 1.16+
edituserjson 다른 사용자의 JSON 파일을 편집 sysop, interface-admin 1.31+
hideuser 사용자 이름을 차단하고 감춤 - (not available by default)

Only users with 1000 edits or less can be suppressed by default. Use $wgHideUserContribLimit to disable.

markbotedits 되돌리기를 봇의 편집으로 취급 가능 - see Manual:Administrators#Rollback sysop 1.12+
mergehistory 문서 역사를 합치기 sysop 1.12+
pagelang 문서 언어 바꾸기 - $wgPageLanguageUseDB must be true 1.24+
patrol 다른 사용자의 편집을 점검된 것으로 표시 - $wgUseRCPatrol must be true sysop 1.5+
patrolmarks 최근 바뀜에서 점검 표시를 보기 1.16+
protect 보호 수준 바꾸기 및 연쇄 보호된 문서 편집 sysop 1.5+
rollback 특정 문서를 편집한 마지막 사용자의 편집을 신속하게 되돌리기 sysop 1.5+
suppressionlog 감춰진 기록을 보기 1.6+
suppressrevision 어떤 사용자도 보지 못하도록 감춰진 판을 검토하고 되살리기 - Prior to 1.13 this right was named hiderevision (not available by default) 1.6+
unblockself 자신을 차단 해제하기 - Without it, an administrator that has the capability to block cannot unblock themselves if blocked by another administrator sysop 1.17+
undelete 삭제된 문서 되살리기 - requires deletedhistory right sysop 1.12+
userrights 사용자의 모든 권한 조정 - allows the assignment or removal of all* groups to any user.
*With $wgAddGroups and $wgRemoveGroups you can set the possibility to add/remove certain groups instead of all
bureaucrat 1.5+
userrights-interwiki 다른 위키의 사용자 권한을 조정 1.12+
viewmyprivateinfo 자신의 개인정보 보기 (이메일 주소, 실명 등) * 1.22+
viewmywatchlist 자신의 주시문서 목록 보기 * 1.22+
viewsuppressed 어떤 사용자도 보지 못하도록 감춰진 판 보기 - i.e. a more narrow alternative to "suppressrevision" (note that this is not needed if the group already has the suppressrevision right) 1.24+
autopatrol 자신의 편집을 자동으로 점검된 판으로 표시 - $wgUseRCPatrol must be true bot, sysop 1.9+
deletechangetags 데이터베이스에서 태그를 지우기 - currently unused by extensions sysop 1.28+
import 다른 위키에서 문서 가져오기 - “transwiki” sysop 1.5+
importupload 파일 올리기를 통해 문서 가져오기 - This right was called 'importraw' in and before version 1.5 sysop 1.5+
managechangetags 데이터베이스에서 태그를 만들거나 지우기 - currently unused by extensions sysop 1.25+
siteadmin 데이터베이스를 잠그거나 잠금 해제 - which blocks all interactions with the web site except viewing. (not available by default) 1.5+
unwatchedpages 주시되지 않은 문서 목록 보기 - lists pages that no user has watchlisted sysop 1.6+
apihighlimits API 쿼리에서 더 높은 제한 사용 bot, sysop 1.12+
autoconfirmed IP 기반의 속도 제한에 영향을 받지 않음 - used for the 'autoconfirmed' group, see the other table below for more information autoconfirmed, bot, sysop 1.6+
bot 봇의 편집으로 취급 - can optionally be viewed bot 1.5+
ipblock-exempt IP 차단, 자동 차단, 광역 차단을 무시 sysop 1.9+
nominornewtalk 토론 문서에서 사소한 편집으로 새 메시지 알림을 보내지 않기 - requires minor edit right bot 1.9+
noratelimit 속도 제한에 영향을 받지 않음 - not affected by rate limits (prior to the introduction of this right, the configuration variable $wgRateLimitsExcludedGroups was used for this purpose) sysop, bureaucrat 1.13+
purge 문서의 사이트 캐시를 새로 고침 - URL parameter "&action=purge" user 1.10+
suppressredirect 문서를 이동할 때 원래 문서 이름으로 된 넘겨주기를 만들지 않기 bot, sysop 1.12+
writeapi 쓰기 API 사용 *, user, bot 1.13+
Although these permissions all control separate things, sometimes to perform certain actions you need multiple permissions. For example allowing people to edit but not read pages doesn't make sense, since in order to edit a page you must first be able to read it (Assuming no pages are whitelisted). Allowing uploads but not editing does not make sense, since in order to upload an image you must implicitly create an image description page, etc.

그룹 목록

The following groups are available in the latest version of MediaWiki. If you are using an older version then some of these may not be implemented.

그룹 설명 기본 권한 버전
* 모든 사용자 (익명 사용자 포함). createaccount, createpage, createtalk, edit, editmyoptions, editmyprivateinfo, editmywatchlist, read, viewmyprivateinfo, viewmywatchlist, writeapi 1.5+
user 계정 생성. applychangetags, changetags, createpage, createtalk, edit, editcontentmodel, editmyusercss, editmyuserjs, editmyuserjson, minoredit, move, move-categorypages, move-rootuserpages, move-subpages, movefile, purge, read, reupload, reupload-shared, sendemail, upload, writeapi
autoconfirmed registered accounts at least as old as $wgAutoConfirmAge and having at least as many edits as $wgAutoConfirmCount . autoconfirmed, editsemiprotected 1.6+
bot accounts with the bot right (intended for automated scripts). autoconfirmed, autopatrol, apihighlimits, bot, editsemiprotected, nominornewtalk, suppressredirect, writeapi 1.5+
sysop users who by default can delete and restore pages, block and unblock users, et cetera. apihighlimits, autoconfirmed, autopatrol, bigdelete, block, blockemail, browsearchive, createaccount, delete, deletedhistory, deletedtext, editinterface, editprotected, editsemiprotected, editsitejson, edituserjson, import, importupload, ipblock-exempt, managechangetags, markbotedits, mergehistory, move, move-categorypages, move-rootuserpages, move-subpages, movefile, noratelimit, patrol, protect, proxyunbannable, reupload, reupload-shared, rollback, suppressredirect, unblockself, undelete, unwatchedpages, upload 1.5+
interface-admin users who can edit sitewide CSS/JS. editinterface, editsitecss, editsitejs, editsitejson, editusercss, edituserjs, edituserjson 1.32+
bureaucrat users who by default can change other users' rights. noratelimit, userrights 1.5+

From MW 1.12, you can create your own groups into which users are automatically promoted (as with autoconfirmed and emailconfirmed) using $wgAutopromote . You can even create any custom group by just assigning rights to them.

기본 권한

The default rights are defined in DefaultSettings.php .

새 권한 만들기

Information for coders only follows.

If you're adding a new right in core, for instance to control a new special page, you are required to add it to the list of available rights in User.php , $mCoreRights (example). If you're doing so in an extension , you instead need to use $wgAvailableRights .

You probably also want to assign it to some user group by editing $wgGroupPermissions described above.

If you want this right to be accessible to external applications by OAuth  or by bot passwords, then you will need to add it to a grant by editing $wgGrantPermissions .

// create ninja-powers right
$wgAvailableRights[] = 'ninja-powers';

//add ninja-powers to the ninja-group
$wgGroupPermissions['ninja']['ninja-powers'] = true;

//add ninja-powers to the 'basic' grant so we can use our ninja powers over an API request
$wgGrantPermissions['basic']['ninja-powers'] = true;

You also need to add right-[name] and action-[name] interface messages to /languages/i18n/en.json (with documentation in qqq.json). The right-* messages can be seen on Special:ListGroupRights and the action-* messages are used in a sentence like "You do not have permission to ...".

같이 보기