1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Implementing permissions across multiple user groups

How to make best use of the cumulative permission function.

  1. Brogan

    Brogan XenForo Moderator Staff Member

    Brogan submitted a new resource:

    Implementing permissions across multiple user groups (version 1.0) - How to make best use of the cumulative permission function.

    Read more about this resource...
  2. Morgain

    Morgain Well-Known Member

    Brogan thank you this is very helpful as I am redoing my permissions now I understand better.

    Your system makes Registered a default set of permissions for all members, which makes good sense.
    It seems to me it would be very helpful under your system to have a display of these default/ Registered permissions on all other usergroups. Not as a column to edit just for the info to compare.

    This makes it easy to see where I don't need to add permissions to a secondary group because they are already there.
    My workaround when is to have two tabs open, one with the Registered group, and the other the group I'm editing/ creating. But it's tedious to keep going backwards and forwards to check.

    I don't understand the notifications override above the permissions stack.
    Of course I understand this is a global override. But I don't know where a usergroup can have notifications enabled per usergroup so this is relevant?
  3. Brogan

    Brogan XenForo Moderator Staff Member

    I spoke to Mike about that a while ago and proposed this:

    Not sure yet whether it will make it into a future release or not.

    That looks to be from an add-on.
    Breixo and PerfectInsanity like this.
  4. Morgain

    Morgain Well-Known Member

    Yours looks good but that only shows us from the perspective of a node.
    I think a comparison in the usergroup editor as I have shown, would be equally useful.
  5. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  6. Morgain

    Morgain Well-Known Member

    I have the new structure as advised with all my members Primary as Registered.
    That means only being able to view content (and Conversation with one other member)

    I made a new usergroup ACTIVE which adds the standard abilities to post, create, edit and Conversation functions.
    This will be what I manually add to a self registered member if I approve them.
    The other secondary usergroups just affect access to some areas, or change the user's displayed title based on location or offline issues in our community - this is all manual allocation to additional secondary usergroups by me.

    Then there's a Sleeper secondary usergroup which isn't active on the board - it really matches Registered: view titles not content. But the displayed title is Sleeper.

    All my members should be either ACTIVE (able to do stuff) or Sleeper (gone latent).

    I went through them all changing to the new system so all members Primary usergroup is Registered (view only, no view on content)
    then ACTIVE overrides that.
    But one poor member didn't get the crucial tick on ACTIVE to enable post, , edit etc.
    I got a worried message asking me what's up ... Now I'M worried if I missed anyone else.

    I really don't want to plod through all those accounts again individually checking that they all have ACTIVE or Sleeper so how do I check that?
    Ive looked around for a check or search on members and can't find any. All I can do is select one or other, or both usergroups to search on. There's no way to get a list of members NOT in a usergroup or set of usergroups.
    PerfectInsanity likes this.
  7. yavuz

    yavuz Well-Known Member

    Brogan I set the user group to Registered User and selected the additional permission group which has it's own color. However it's showing the primary user groups color (Registered User). I'm I doing something wrong?
  8. Brogan

    Brogan XenForo Moderator Staff Member

    Check the Display Styling Priority.
    yavuz likes this.
  9. yavuz

    yavuz Well-Known Member

    I've missed that :censored: it'a OK now, thanks (y)
  10. Kainzo

    Kainzo Active Member

    To be honest... I didnt have much issue with this. We don't it like this either...

    Registered is for default users, We use "Member" for the private area + registered access
  11. yavuz

    yavuz Well-Known Member

    I'm again in need for your help Brogan;

    In certain forums the member who belongs to the "Registered" member group should not have the permission to open threads. So the way I did it I set "Never" for the "Registered" group to open thread at the node level:


    Now I can't open threads in this node either since I belong to the same group (I gave my user group permission to open a thread)


    I'm obviously doing something terribly wrong.
  12. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Never overrides everything. That literally means that members of the Registered group will never have that permission regardless of allowances in other groups or nodes.

    Instead you should edit the node permissions and restrict only those forums:

    Admin CP -> Applications -> Display Node Tree -> Permissions

    Set Revoke for the Registered group, and Allow for the Admin group. That will accomplish the desired result.
  13. yavuz

    yavuz Well-Known Member

    I was hoping to avoid that because there is only one user group that has not permission to open threads, the rest of the user groups can. I will have to give 8 user groups multiplied by 100 nodes permission to open threads :(
  14. Digital Doctor

    Digital Doctor Well-Known Member

    As Brogan said, NEVER use NEVER.
    Administrators are Registered, so you've set things up such that no registered members can posts.
  15. DRE

    DRE Well-Known Member

    Oh I'm only just now seeing this after the damage is done.
  16. Morgain

    Morgain Well-Known Member

    We definitely need a grid display for permissions.
    I know the mods grasp it but us peasants don't. It's in too many individual places.
  17. Kainzo

    Kainzo Active Member

    Is there a way to have sub-groups? Trying to reduce my permission checks...
  18. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Sure. You can create a new group and put people in it. That way you don't have to Revoke + Allow like you do with the default Registered group (of which everyone is a member).
  19. Kainzo

    Kainzo Active Member

    Right, I have about 20 groups as is... no one stays in default, I dont think...
  20. Alfa1

    Alfa1 Well-Known Member

    So what if you have many secondary usergroups?
    If you use 'registered users' as the base.
    Then the real usergroup as secondary.
    And then 'subscribing member' also as additional.
    Then how do the permissions of the additional groups override each other?

Share This Page