**_%T% Tip:_** TWiki:TWiki.TWikiAccessControlSupplement on TWiki.org has additional documentation on access control.
+<a name="ImportantConsideration"></a>
+
## <a name="An Important Control Considerati"></a> An Important Control Consideration
Open, freeform editing is the essence of [[WikiCulture]] - what makes TWiki different and often more effective than other collaboration tools. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less Wiki in the mix. Experience shows that _unrestricted write access_ works very well because:
This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.
-**_%X% Note:_** Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.
+**_%X% Note:_** Obfuscating a web without view access control is **very** insecure, as anyone who knows the URL can access the web.
### <a name="Authenticate all Webs and Restri"></a> Authenticate all Webs and Restrict Selected Webs
- <code>**Set DENYWEBVIEW = < list of Users and Groups >**</code>
- <code>**Set ALLOWWEBVIEW = < list of Users and Groups >**</code>
- **_Note:_** `DENYWEBVIEW` is evaluated before `ALLOWWEBVIEW`. Access is denied if the authenticated person is in the `DENYWEBVIEW` list, or not in the `ALLOWWEBVIEW` list. Access is granted in case `DENYWEBVIEW` and `ALLOWWEBVIEW` is not defined.
-2. **Hide** the web from an "all webs" search. Enable this restriction with the <code>**NOSEARCHALL**</code> variable in its [[WebPreferences]] topic:
- - <code>**Set NOSEARCHALL = on**</code>
### <a name="Authenticate and Restrict Select"></a> Authenticate and Restrict Selected Webs Only
- <code>**Set DENYWEBVIEW = < list of Users and Groups >**</code>
- <code>**Set ALLOWWEBVIEW = < list of Users and Groups >**</code>
- **_Note:_** `DENYWEBVIEW` is evaluated before `ALLOWWEBVIEW`. Access is denied if the authenticated person is in the `DENYWEBVIEW` list, or not in the `ALLOWWEBVIEW` list. Access is granted in case `DENYWEBVIEW` and `ALLOWWEBVIEW` is not defined.
-2. **Hide** the web from an "all webs" search. Enable this restriction with the <code>**NOSEARCHALL**</code> variable in its [[WebPreferences]] topic:
- - <code>**Set NOSEARCHALL = on**</code>
### <a name="Hide Control Settings"></a> Hide Control Settings