Admin permissions issue/error/config problem?

CTXMedia

Well-known member
I've created a fourm where I (as admin) want to post announcements.

No one else wants to have posting permissions for this forum.

I've therefore set Registered and Moderator users to "Never" for posting a new thread.

For some reason, this stops me - as Admin - from posting? Why is that?

It's almost like the Registered user permissions are being inherited by Admin?

Any ideas?

Cheers,
Shaun :D
 
Is the Admin user account in the registered or moderating usergroups?

If so, that's why.

Each permission may be set to a different value. If a user is in multiple groups or has specific permissions set, this may cause multiple conflicting values for a permission. For example, a user may have both not set (no) and allow for the view node permission, so what takes priority?

Permission value priority is set in this order: (highest priority first)

  1. Never – this will not grant the permission. This can never be overridden, so should be used sparingly.
http://xenforo.com/help/permissions/

You should use Revoke instead of Never in cases such as this relating to node specific permissions.
 
Okay, after fiddling around - if I set Registered to "revoke" rather than "never" it works.

However, I would have assumed that tiering permissions would run downwards from admin - not upwards from the lower tiers???

So setting "never" at a lower tier shouldn't affect the upper "Admin" privs.

It seems "wrong" that a Registered user group setting can effectively knock-out and Admin capability.

Cheers,
Shaun :D
 
A Never affects any member who is in that user group, whether it is a secondary or primary user group.

If the member isn't in that group then it won't affect them.

There is no "tiering" of permissions, they are cumulative.
User groups do not have priorities where permissions are concerned; the Administrative user group is treated exactly the same as the registered user group.
 
If the member isn't in that group then it won't affect them.

Hmmm ... well, in my case it did.

My Admin user account was only in the administrative user group, yet the Registered user setting seemed to impact on it.

Are you saying that all user accounts are affected by Registered user group settings?

Cheers,
Shaun :D
 
Are you saying that all user accounts are affected by Registered user group settings?
No.

Only members in the Registered user group are affected by the permissions set for that group.

You need to investigate what the issue is as changing permissions of a user group which the user is not member of should not affect that user.
 
Okay, tried and tested, and still getting the permission problem:

geeks-privs-01.webp

User account - Shaun - Is a Super Admin and only belongs to the Administrative user group. So changes to other user groups should not impact on Shaun's ability to post etc.

geeks-privs-02.webp

So, we change the node permissions for this test forum and we say that the Registered user group can Never post - that's what we want - want to remove their ability to post and never want them to be able to.

Admin should still be able to post in the test forum - right?

geeks-privs-03.webp

Just to ensure Admin user Shaun can post, we Allow the Administrative group to post - we explicitly give permission.

So, when user Shaun from the Administrative group (who isn't in any other user group) tries to post in the test forum:

geeks-privs-04.webp

... he's DENIED!!! lol

So is this a bug? or am I misunderstanding the permission system?

Cheers,
Shaun :D
 
You da man Pauly ... you da man!!!

Seriously, though, thanks ... it was confusing the hell out of me and I never thought to look at whether the "Admin" account would actually just be a regular registered member.

Thanks,
Shaun :D
 
This is actually the correct way to do it.

All members should be in the Registered user group as their Primary.
Any additional user groups should be Secondary.

Just use Not Set (No) or Revoke instead of Never and it will work fine.

It is recommended however that all users have the Registered user group set as their primary user group and any additional groups they are members of are set as secondary groups. This makes it easy to manage permissions due to the cumulative nature in which they are applied.

http://xenforo.com/help/user-groups/
 
That bloody "never" setting is powerful.

I must admit though, the "revoke" wording would be much better if it simply said "no" or "disallow" ... I know what it effectively means now, but a slight change of wording might help. ;)

Cheers,
Shaun :D
 
Been there, done that ;)

The wording has already been changed based on feedback.

Revoke does exactly what it says though in this instance.
It revokes a board-wide permission which has been set elsewhere, in the user group specifically.
 
Top Bottom