
Admin permissions issue/error/config problem?

CTXMedia

Formerly CyclingTribe
#1
I've created a forum where I (as admin) want to post announcements.

No one else wants to have posting permissions for this forum.

I've therefore set Registered and Moderator users to "Never" for posting a new thread.

For some reason, this stops me - as Admin - from posting? Why is that?

It's almost like the Registered user permissions are being inherited by Admin?

Any ideas?

Cheers,
Shaun :D
 

Brogan

XenForo moderator
Staff member
#2
Is the Admin user account in the registered or moderating usergroups?

If so, that's why.

Each permission may be set to a different value. If a user is in multiple groups or has specific permissions set, this may cause multiple conflicting values for a permission. For example, a user may have both not set (no) and allow for the view node permission, so what takes priority?

Permission value priority is set in this order: (highest priority first)

  1. Never – this will not grant the permission. This can never be overridden, so should be used sparingly.
http://xenforo.com/help/permissions/

You should use Revoke instead of Never in cases such as this relating to node specific permissions.
 

CTXMedia

Formerly CyclingTribe
#4
Okay, after fiddling around - if I set Registered to "revoke" rather than "never" it works.

However, I would have assumed that tiering permissions would run downwards from admin - not upwards from the lower tiers???

So setting "never" at a lower tier shouldn't affect the upper "Admin" privs.

It seems "wrong" that a Registered user group setting can effectively knock out an Admin capability.

Cheers,
Shaun :D
 

Brogan

XenForo moderator
Staff member
#5
A Never affects any member who is in that user group, whether it is a secondary or primary user group.

If the member isn't in that group then it won't affect them.

There is no "tiering" of permissions, they are cumulative.
User groups do not have priorities where permissions are concerned; the Administrative user group is treated exactly the same as the registered user group.
 

CTXMedia

Formerly CyclingTribe
#6
If the member isn't in that group then it won't affect them.
Hmmm ... well, in my case it did.

My Admin user account was only in the administrative user group, yet the Registered user setting seemed to impact on it.

Are you saying that all user accounts are affected by Registered user group settings?

Cheers,
Shaun :D
 

Brogan

XenForo moderator
Staff member
#7
Are you saying that all user accounts are affected by Registered user group settings?
No.

Only members in the Registered user group are affected by the permissions set for that group.

You need to investigate what the issue is, as changing permissions of a user group which the user is not a member of should not affect that user.
 

CTXMedia

Formerly CyclingTribe
#8
You need to investigate what the issue is, as changing permissions of a user group which the user is not a member of should not affect that user.
Yeah, that's what I thought.

I'll have a play around with it later and report back. (y)

Cheers,
Shaun :D
 

CTXMedia

Formerly CyclingTribe
#9
Okay, tried and tested, and still getting the permission problem:

geeks-privs-01.PNG

User account - Shaun - Is a Super Admin and only belongs to the Administrative user group. So changes to other user groups should not impact on Shaun's ability to post etc.

geeks-privs-02.PNG

So, we change the node permissions for this test forum and we say that the Registered user group can Never post - that's what we want - want to remove their ability to post and never want them to be able to.

Admin should still be able to post in the test forum - right?

geeks-privs-03.PNG

Just to ensure Admin user Shaun can post, we Allow the Administrative group to post - we explicitly give permission.

So, when user Shaun from the Administrative group (who isn't in any other user group) tries to post in the test forum:

geeks-privs-04.PNG

... he's DENIED!!! lol

So is this a bug? Or am I misunderstanding the permission system?

Cheers,
Shaun :D
 

CTXMedia

Formerly CyclingTribe
#17
You da man Pauly ... you da man!!!

Seriously, though, thanks ... it was confusing the hell out of me and I never thought to look at whether the "Admin" account would actually just be a regular registered member.

Thanks,
Shaun :D
 

Brogan

XenForo moderator
Staff member
#18
This is actually the correct way to do it.

All members should be in the Registered user group as their Primary.
Any additional user groups should be Secondary.

Just use Not Set (No) or Revoke instead of Never and it will work fine.

It is recommended however that all users have the Registered user group set as their primary user group and any additional groups they are members of are set as secondary groups. This makes it easy to manage permissions due to the cumulative nature in which they are applied.
http://xenforo.com/help/user-groups/
 

CTXMedia

Formerly CyclingTribe
#19
That bloody "never" setting is powerful.

I must admit though, the "revoke" wording would be much better if it simply said "no" or "disallow" ... I know what it effectively means now, but a slight change of wording might help. ;)

Cheers,
Shaun :D
 

Brogan

XenForo moderator
Staff member
#20
Been there, done that ;)

The wording has already been changed based on feedback.

Revoke does exactly what it says though in this instance.
It revokes a board-wide permission which has been set elsewhere, in the user group specifically.
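The behaviour worked out in this thread, as an added example that is not part of the original posts and is not XenForo's code: a simplified Python model of cumulative group permissions in which a Never in any group the account belongs to beats an Allow from another group, while Revoke does not. The `Perm` enum, the function names and the sample group data are hypothetical, and the ordering of the values below Never is this model's assumption, chosen to match the outcome the posters report.

```python
from enum import IntEnum

class Perm(IntEnum):
    # Higher wins when a user's groups disagree. The thread states only that
    # Never is highest; the order below it is this model's assumption.
    NOT_SET = 0
    REVOKE = 1
    ALLOW = 2
    NEVER = 3

def group_value(group, board, node):
    """Value one group contributes: Never sticks, else node overrides board."""
    b = board.get(group, Perm.NOT_SET)
    n = node.get(group, Perm.NOT_SET)
    if Perm.NEVER in (b, n):
        return Perm.NEVER
    return n if n is not Perm.NOT_SET else b

def effective(user_groups, board, node):
    """Combine all of the user's groups cumulatively; groups are not ranked."""
    return max((group_value(g, board, node) for g in user_groups),
               default=Perm.NOT_SET)

def can(user_groups, board, node):
    return effective(user_groups, board, node) is Perm.ALLOW

def never_sources(user_groups, board, node):
    """Audit helper: the memberships responsible for an unoverridable deny."""
    return [g for g in user_groups
            if group_value(g, board, node) is Perm.NEVER]

# Constructed sample data for the "post new thread" permission.
BOARD = {"Registered": Perm.ALLOW, "Administrative": Perm.ALLOW}
NODE_NEVER = {"Registered": Perm.NEVER, "Administrative": Perm.ALLOW}
NODE_REVOKE = {"Registered": Perm.REVOKE, "Administrative": Perm.ALLOW}

# The admin account as it turned out to be configured: Registered as the
# primary group, Administrative as a secondary group.
ADMIN = ["Registered", "Administrative"]
MEMBER = ["Registered"]

if __name__ == "__main__":
    for label, node in (("Never", NODE_NEVER), ("Revoke", NODE_REVOKE)):
        print(label, "admin:", can(ADMIN, BOARD, node),
              "member:", can(MEMBER, BOARD, node),
              "never from:", never_sources(ADMIN, BOARD, node))
```

When an account is denied despite an explicit Allow, listing every group it belongs to (primary and secondary) and checking each for a Never, as `never_sources` does here, finds the cause faster than comparing group "levels".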