
Access control on the web is quite varied, but its most common form is a role-based access list.

In brief, every identified user may be given any number of usergroups and any number of user-individual access rights. Each usergroup can in turn be given any number of access rights. Usergroups are always additive - if usergroup A has the rights X and Y and usergroup B has the rights X and Z, a user in both usergroup A and B will have the rights X, Y and Z. Every access right can be arbitrarily assigned to low-level or high-level actions, any of which may or may not be laden with prerequisites (such as the in-built 'democratic' modifier that requires other members of the usergroup to agree).

Common access rights

  • RESTART (the right to restart a Fragment, server or network)
  • REVOKE (the right to remove any access rights)
  • GRANT (the right to grant other users rights from the set that oneself has, including GRANT, and to remove access rights from users without GRANT)
  • EVICT (the right to kick or ban a user)
  • MOLD (the right to reshape the landscape)
  • GLOBAL (the right to send Fragment-global messages)
  • ROLE (the right to swap places with a Puppet with a predefined role)
  • QUARANTINE (the right to create a quarantine zone)
  • RELOCATE (the right to remotely teleport another user)
  • FMORPH (the right to bypass avatar restrictions)
  • WRITE (the right to write or re-write metadata in the Fragment)
  • FREAD (the right to access all metadata in the Fragment - even metadata flagged as incomplete or Fragment-private)
  • HOP (the right to teleport throughout the Fragment)
  • MORPH (the right to change one's avatar in accordance with avatar restrictions)
  • READ (the right to access regular metadata)

Common usergroups

Guest / User:

  • HOP
  • READ

Guide:

  • all guest/user access rights
  • ROLE

Gamemaster:

  • all guide access rights

Moderator:

  • all gamemaster access rights

Admin:

  • all moderator access rights
  • MOLD

Founder:

  • all admin access rights
  • RESTART (democratic; requires all founders to agree)
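
The additive usergroup model, the 'democratic' modifier and the GRANT rule described above, as an added Python example that is not part of the original page. The function and class names are hypothetical, the group names after "guest" are inferred from the "all ... access rights" lines, and only the rights the page lists per group are modelled.

```python
from dataclasses import dataclass, field

# Rights each group adds on top of the previous one, as listed on the page.
# Group names after "guest" are inferred from the "all <group> access rights" lines.
CHAIN = [("guest", {"HOP", "READ"}), ("guide", {"ROLE"}), ("gamemaster", set()),
         ("moderator", set()), ("admin", {"MOLD"}), ("founder", {"RESTART"})]
GROUPS, _acc = {}, set()
for _name, _extra in CHAIN:
    _acc = _acc | _extra
    GROUPS[_name] = frozenset(_acc)

# (group, right) pairs that carry the 'democratic' prerequisite.
DEMOCRATIC = {("founder", "RESTART")}

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    own: set = field(default_factory=set)  # user-individual access rights

def rights(user):
    """Usergroups are additive: union of all group rights plus individual rights."""
    return set(user.own).union(*(GROUPS[g] for g in user.groups))

def may(user, right, members=(), approvals=()):
    """True if `user` may exercise `right` now. A right held only under the
    democratic modifier needs approval from every other member of that group."""
    if right in user.own:
        return True
    holders = [g for g in user.groups if right in GROUPS[g]]
    if any((g, right) not in DEMOCRATIC for g in holders):
        return True
    for g in holders:
        others = {m.name for m in members if g in m.groups and m.name != user.name}
        if others <= set(approvals):
            return True
    return False

def grant(granter, target, right):
    """GRANT only covers rights the granter holds (GRANT itself included)."""
    held = rights(granter)
    if "GRANT" not in held or right not in held:
        raise PermissionError(f"{granter.name} cannot grant {right}")
    target.own.add(right)
```

A right handed out through `grant` lands in the target's individual set, so in this sketch it is checked without any group modifier.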


Actual user authentication (i.e. determining the identity of a user) varies strongly between servers. Sanctuary (re)identifies users on connection to a Fragment using their hostmask and an automated challenge-response handshake for which the user needs access to their private key, and maintains a session for as long as the user remains in the Fragment. This is true for Denizens (which are expected to have a localhost hostmask) as well as Citizens. Autonomous Puppets are free to move between Fragments, but foreign autonomous Puppets are authenticated on connection with Sanctuary as a whole.

technology/web-access-control.txt · Last modified: 2017/11/18 15:34 (external edit)