Admin right is not deniable and it implies at the other rights except programming. See http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module#HDefaultrightsbeingpredefined . So admins should be able to view/edit/delete any page from the wiki they administer, independent of the rights set on those pages.
A bad user could write though something like this: {{velocity}} #if ($hasAdmin) Nice content #else Bad content #end {{/velocity}} To prevent this you can use the watch list to get a mail with the changes produced in the wiki and review those changes regularly (i.e. look at the raw content not just at the rendered content) . Hope this helps, Marius. On Fri, Mar 28, 2014 at 6:52 PM, Patrick Masson <mas...@opensource.org> wrote: > I'm concerned some may be using the MyDashboard feature of their profile > page to post inappropriate content. What access rights do admins have on > pages that are located off the MyDashboard or where permissions are set so > that only some registered users may see them? > > Let's say a user was using our site to post/distribute/develop child > pornography or malware? > > Patrick > > -- > || | | |||| || || | |||| ||| | ||| > Patrick Masson > General Manager, Director & Secretary to the Board > Open Source Initiative > 855 El Camino Real, Ste 13A, #270 > Palo Alto, CA 94301 > United States > Skype: massonpj > sip: mas...@getonsip.com > <https://www.getonsip.com/call?a=mas...@getonsip.com> > Ph: (970) 4MASSON > Em: mas...@opensource.org <mailto:mas...@opensource.org> > Ws: www.opensource.org <http://www.opensource.org> > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users