Mediawiki is born with Wikipedia permissions model in mind. That is: everybody can read everything, everybody can edit everything, even unauthenticated people can edit pages.
Usually, for a service wiki this is not an acceptable behaviour. The possible scenarios are
- a wiki where all sissa users (or a restricted group of them) can logon with their main passwords and edit pages, while unauthenticated users can only read the pages.
- a wiki accessible to both sissa users with their username
Furthermore there are, usually, two kinds of administrative users:
the so called Administrator, or Sysop, who is mainly in charge of the administration of wiki contents. Usually he has the right to
* Block a user from sending e-mail (blockemail) * Block other users from editing (block) * Bypass IP blocks, auto-blocks and range blocks (ipblock-exempt) * Bypass automatic blocks of proxies (proxyunbannable) * Change protection levels and edit protected pages (protect) * Create new user accounts (createaccount) * Delete pages (delete) * Delete pages with large histories (bigdelete) * Edit other users' CSS and JS files (editusercssjs) * Edit semi-protected pages (autoconfirmed) * Edit the user interface (editinterface) * Have one's own edits automatically marked as patrolled (autopatrol) * Import pages from a file upload (importupload) * Import pages from other wikis (import) * Mark others' edits as patrolled (patrol) * Mark rolled-back edits as bot edits (markbotedits) * Move files (movefile) * Move pages (move) * Move pages with their subpages (move-subpages) * Move root user pages (move-rootuserpages) * Not be affected by rate limits (noratelimit) * Override files on the shared media repository locally (reupload-shared) * Overwrite an existing file (reupload) * Quickly rollback the edits of the last user who edited a particular page (rollback) * Search deleted pages (browsearchive) * Submit a trackback (trackback) * Undelete a page (undelete) * Upload a file from a URL address (upload_by_url) * Upload files (upload) * Use higher limits in API queries (apihighlimits) * View a list of unwatched pages (unwatchedpages) * View deleted history entries, without their associated text (deletedhistory)
There is another profile, the so called "Bureaucrat". This is important mainly because it can assign the permission to other users.