1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Admin permissions issue/error/config problem?

Discussion in 'XenForo Questions and Support' started by CyclingTribe, Apr 12, 2011.

  1. CyclingTribe

    CyclingTribe Well-Known Member

    I've created a fourm where I (as admin) want to post announcements.

    No one else wants to have posting permissions for this forum.

    I've therefore set Registered and Moderator users to "Never" for posting a new thread.

    For some reason, this stops me - as Admin - from posting? Why is that?

    It's almost like the Registered user permissions are being inherited by Admin?

    Any ideas?

    Cheers,
    Shaun :D
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Is the Admin user account in the registered or moderating usergroups?

    If so, that's why.

    http://xenforo.com/help/permissions/

    You should use Revoke instead of Never in cases such as this relating to node specific permissions.
     
    GeeksChat likes this.
  3. CyclingTribe

    CyclingTribe Well-Known Member

    Nope.
     
  4. CyclingTribe

    CyclingTribe Well-Known Member

    Okay, after fiddling around - if I set Registered to "revoke" rather than "never" it works.

    However, I would have assumed that tiering permissions would run downwards from admin - not upwards from the lower tiers???

    So setting "never" at a lower tier shouldn't affect the upper "Admin" privs.

    It seems "wrong" that a Registered user group setting can effectively knock-out and Admin capability.

    Cheers,
    Shaun :D
     
  5. Brogan

    Brogan XenForo Moderator Staff Member

    A Never affects any member who is in that user group, whether it is a secondary or primary user group.

    If the member isn't in that group then it won't affect them.

    There is no "tiering" of permissions, they are cumulative.
    User groups do not have priorities where permissions are concerned; the Administrative user group is treated exactly the same as the registered user group.
     
    GeeksChat likes this.
  6. CyclingTribe

    CyclingTribe Well-Known Member

    Hmmm ... well, in my case it did.

    My Admin user account was only in the administrative user group, yet the Registered user setting seemed to impact on it.

    Are you saying that all user accounts are affected by Registered user group settings?

    Cheers,
    Shaun :D
     
  7. Brogan

    Brogan XenForo Moderator Staff Member

    No.

    Only members in the Registered user group are affected by the permissions set for that group.

    You need to investigate what the issue is as changing permissions of a user group which the user is not member of should not affect that user.
     
    GeeksChat likes this.
  8. CyclingTribe

    CyclingTribe Well-Known Member

    Yeah, that's what I thought.

    I'll have a play around with it later and report back. (y)

    Cheers,
    Shaun :D
     
  9. CyclingTribe

    CyclingTribe Well-Known Member

    Okay, tried and tested, and still getting the permission problem:

    geeks-privs-01.PNG

    User account - Shaun - Is a Super Admin and only belongs to the Administrative user group. So changes to other user groups should not impact on Shaun's ability to post etc.

    geeks-privs-02.PNG

    So, we change the node permissions for this test forum and we say that the Registered user group can Never post - that's what we want - want to remove their ability to post and never want them to be able to.

    Admin should still be able to post in the test forum - right?

    geeks-privs-03.PNG

    Just to ensure Admin user Shaun can post, we Allow the Administrative group to post - we explicitly give permission.

    So, when user Shaun from the Administrative group (who isn't in any other user group) tries to post in the test forum:

    geeks-privs-04.PNG

    ... he's DENIED!!! lol

    So is this a bug? or am I misunderstanding the permission system?

    Cheers,
    Shaun :D
     
  10. Brogan

    Brogan XenForo Moderator Staff Member

    Can you do a screenshot for Shaun from the standard users screen?
    The one above is the Administrators screen.
     
    GeeksChat likes this.
  11. CyclingTribe

    CyclingTribe Well-Known Member

    Do you mean the user profile screen - when you click on the username in the front-end?
     
  12. Brogan

    Brogan XenForo Moderator Staff Member

    No, the Users screen in the ACP.

    Like this:
    user.PNG
     
    GeeksChat likes this.
  13. CyclingTribe

    CyclingTribe Well-Known Member

    Congrats ... it's coming in a minute, but wait for it ... wait for it ...
     
  14. Brogan

    Brogan XenForo Moderator Staff Member

    I'm fairly sure what it's going to be ;)
     
  15. CyclingTribe

    CyclingTribe Well-Known Member

  16. Brogan

    Brogan XenForo Moderator Staff Member

    There you go.

    Shaun is in the Registered user group, which has Never set for that node.

    :)

    ;)
     
    GeeksChat likes this.
  17. CyclingTribe

    CyclingTribe Well-Known Member

    You da man Pauly ... you da man!!!

    Seriously, though, thanks ... it was confusing the hell out of me and I never thought to look at whether the "Admin" account would actually just be a regular registered member.

    Thanks,
    Shaun :D
     
  18. Brogan

    Brogan XenForo Moderator Staff Member

    This is actually the correct way to do it.

    All members should be in the Registered user group as their Primary.
    Any additional user groups should be Secondary.

    Just use Not Set (No) or Revoke instead of Never and it will work fine.

    http://xenforo.com/help/user-groups/
     
    GeeksChat likes this.
  19. CyclingTribe

    CyclingTribe Well-Known Member

    That bloody "never" setting is powerful.

    I must admit though, the "revoke" wording would be much better if it simply said "no" or "disallow" ... I know what it effectively means now, but a slight change of wording might help. ;)

    Cheers,
    Shaun :D
     
  20. Brogan

    Brogan XenForo Moderator Staff Member

    Been there, done that ;)

    The wording has already been changed based on feedback.

    Revoke does exactly what it says though in this instance.
    It revokes a board-wide permission which has been set elsewhere, in the user group specifically.
     

Share This Page