Edgewall Software

Extension Point : IPermissionGroupProvider


IPermissionGroupProvider implementations define permission group membership information.


The TracPermissions system supports hierarchical groups to bundle and inherit permissions. The IPermissionGroupProvider interface can be used to get group membership information for users (e.g. from arbitrary external data sources).

(Note that the admin-defined groups are currently provided by the DefaultPermissionStore, not by an IPermissionGroupProvider. See #5648.)


Implementing the interface follows the standard guidelines found in TracDev/ComponentArchitecture and of course TracDev/PluginDevelopment.

The group providers are called by the permissions system to provide the group membership information for a certain user name. This information is automatically cached and reused for some time.


The following example uses an active_directory module to provide group membership information from Windows' default Active Directory:

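import active_directory
from trac.core import Component, implements
from trac.perm import IPermissionGroupProvider


class ActiveDirectoryPermissionGroupProvider(Component):
    """Permission group provider providing Active Directory group membership."""

    # Register this component with the IPermissionGroupProvider extension point.
    implements(IPermissionGroupProvider)

    def get_permission_groups(self, username):
        # Called by the permission system with the user name to look up.
        aduser = active_directory.find_user(username)
        if aduser is None:
            # No matching directory entry: report no groups.
            return []
        return list(aduser.memberOf)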
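
A file-backed lookup that follows the same contract (user name in, list of group names out), as an added example that is not code from this page or from any of the plugins listed below. It parses Apache AuthGroupFile-style text ("group: user1 user2"); the sample data, the function names and the group-name pattern are assumptions made for the illustration.

```python
import re

# Constructed sample in AuthGroupFile format: "group: user1 user2 ..."
SAMPLE_HTGROUP = """\
# constructed sample data
developers: alice bob
admins: alice
broken line without a colon
BAD NAME: mallory
empty:
"""

# Assumption of this example: accept only conservative, lowercase group names
# from the external file, so unexpected strings never reach the permission
# system as group names.
_GROUP_RE = re.compile(r"^[a-z][a-z0-9_.-]*$")


def parse_htgroup(text):
    """Return {username: sorted list of group names} from AuthGroupFile text."""
    membership = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        group, sep, members = line.partition(":")
        group = group.strip()
        if not sep or not _GROUP_RE.match(group):
            continue  # skip malformed lines instead of guessing their meaning
        for user in members.split():
            membership.setdefault(user, set()).add(group)
    return {user: sorted(groups) for user, groups in membership.items()}


def get_permission_groups(username, membership):
    """User name in, list of group names out; unknown users get no groups."""
    return list(membership.get(username, []))


if __name__ == "__main__":
    table = parse_htgroup(SAMPLE_HTGROUP)
    for name in ("alice", "bob", "mallory", "nobody"):
        print(name, get_permission_groups(name, table))
```

Inside Trac, the lookup would be the body of get_permission_groups on a Component that declares implements(IPermissionGroupProvider), as in the Active Directory example above.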

Available Implementations

In Trac:

DefaultPermissionGroupProvider Provides the basic builtin permission groups 'anonymous' and 'authenticated'.

In third-party plugins:

th:LdapPlugin Provides groups from LDAP.
th:HtgroupsPlugin Provides groups from a .htgroup file (usually used with Apache's AuthGroupFile or AuthDigestGroupFile directives).
th:AuthzGroupsPlugin Provides groups from the SVN authz file.
th:TracSysgroupsPlugin Provides groups from the Unix/Linux system groups.
th:UnixGroupsPlugin Provides groups from the Unix system groups.
th:TracUnixGroupsPlugin Provides groups from the Unix system groups.
th:wiki:SQLAuthStorePlugin Provides groups from the SQL database.
TracGoogleAppsAuthPlugin Provides groups from a hosted Google Apps domain.
th:TracForgePlugin Adds cross-project permissions with virtual groups.


Last modified on Aug 7, 2011, 2:55:10 PM