Implementing permissions across multiple user groups

If all users are members of registered... and you grant registered posting permissions in general as that's the default behavior in most forums.

But if you have a forum you only want some users to be able to post in.. I would expect on the Node to be able to set revoke for 'registered' users.. and set 'allow' for a special access group. The user in question tho is a member of BOTH groups.. registered (default) and the special access group. So will the allow override the revoke.. both of which are set on the node?

If not, if all users are a member of registered users.. how can I revoke a permission for most users on a forum.. and elevate just some user groups?

I'm trying this without success... analyze permissions says it works (posting = yes), but when I use test permissions or log in a test user, they don't have the rights.
 
Brogan updated Implementing permissions across multiple user groups with a new update entry:

Why, when installing a new add-on, using the Registered user group as the primary works best

Some people are still confused as to why it's best practice to have the Registered user group as the primary and other user groups as the secondary.

Let's look at what happens in two different scenarios on two different forums when installing a new add-on.


Dave has 20 user groups defined.
Members have the Registered user group as the primary and they have been added to the other groups as secondary.

John has 20 user groups defined.
Members have different user groups as the primary and have...

 
Great tutorial! I have a question: how to set the default usergroup for the new members?
 
You can change the name of the default "Registered" group - no?
And, of course, apply whatever permissions you want to offer brand new, unpromoted members at your discretion.
 
The four default user groups can be renamed and the permissions changed to suit.
They can't however be deleted nor have their core functions changed.

I understood the question above to be "which group can newly registered members be added to by default?".
That is hard coded to the Registered user group and can't be changed.
 
1. All members should be in the Registered group as their Primary - that includes moderators, administrators and super administrators.

What about banned members? Keep them in the Primary Registered group and add them to a Banned Secondary group?
 
OK, so

First set up the permissions per group

Then

All members are Registered as their Primary.

When a user is registered their Primary is Registered and they have No Secondary checked.

When a user gets banned he/she remains Primary and the Secondary becomes Banned Users.

When a user is a Moderator, their Primary is Registered and their Secondary is Moderating.

When a user is a Super Moderator, their Primary is Registered and their Secondary is Super Moderators.

When a user is an Admin, their Primary is Registered and their Secondary is Administrative.

Bonus question :) Most users on a site are obviously just plain registered users. How to ensure that they have their user groups correct? On a big board registered users run into the thousands.

Thank you!
 
OK, so

First set up the permissions per group

Then

All members are Registered as their Primary.

When a user is registered their Primary is Registered and they have No Secondary checked.

When a user gets banned he/she remains Primary and the Secondary becomes Banned Users.

When a user is a Moderator, their Primary is Registered and their Secondary is Moderating.

When a user is a Super Moderator, their Primary is Registered and their Secondary is Super Moderators.

When a user is an Admin, their Primary is Registered and their Secondary is Administrative.
Correct.

Bonus question :) Most users on a site are obviously just plain registered users. How to ensure that they have their user groups correct? On a big board registered users run into the thousands.
I'm not sure I understand.

When members register, their default user group is the Registered group.

Members will then become members of additional user groups based on user group promotions or manually promoting or adding them.

If you set the promotions up correctly then they will be in the correct user groups.
 
No problem.

The permissions system in XenForo is probably different to what you're used to.
If you follow the guide though and make sure you set them up at the start as explained, you won't have any issues.
 
First minor glitch.

Set up user group permissions for a Super Mod. Set the user as a Registered (Primary), Super Mod (Secondary).

But, when I check this user's User permissions, it's totally different than his/the Super Mod permissions.

Does a cron job need to be run or when a cron job runs it'll update. Or did I screw up?
 
User permissions will always be displayed as Not Set (No), unless you have specifically applied permissions to that user.
The page doesn't show the resolved permissions based on all user groups.

Use the Analyze Permissions function to see the actual resolved permissions.

Also bear in mind that members need to be specifically promoted to moderator status.
Just adding to a user group isn't enough.
 
I guess I'm not getting the big picture yet, but how would creating sub-groups reduce permission checks?

The group system lets you represent different permission sets with groups. When a user is a member of multiple groups those permissions combine. It's an organizational thing. There are good and bad ways to organize your permissions using groups.
 
The group system lets you represent different permission sets with groups. When a user is a member of multiple groups those permissions combine. It's an organizational thing. There are good and bad ways to organize your permissions using groups.
Right, I get that it makes sense to make everyone a "registered user" and then to further define their permissions via a secondary group. But what I'm not seeing is how that will "Reduce Permission Checks"? One is still going to need to customize every private node and every group within that private node, yes?
 
Right, I get that it makes sense to make everyone a "registered user" and then to further define their permissions via a secondary group. But what I'm not seeing is how that will "Reduce Permission Checks"? One is still going to need to customize every private node and every group within that private node, yes?

In the case of a private node you could create a new group to represent access to that node. Then make the node private and set Allow for that one group. There would be no need to edit each individual group under that node since a "Private node" (as defined by the checkbox option) disables access for all groups except those that are explicitly allowed.
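The sketch below is an added example, not part of the thread and not XenForo's own code. It models how one permission combines across a user's groups for the revoke-plus-allow setup asked about at the top of the thread and for the private-node setup described in the last reply. The precedence it uses (Never beats Allow, Allow beats everything else) is an assumption of the model, and the group names are hypothetical.

```python
# Added illustration: a simplified model of combining one permission across
# a user's groups. Assumption (not taken from XenForo's code): precedence is
# Never > Allow > everything else, which resolves to "no".
ALLOW, REVOKE, NEVER = "allow", "revoke", "never"

def resolve(user_groups, global_perms, node_perms, private=False):
    """Return (granted, reasons) for one permission on one node.

    global_perms / node_perms map group name -> ALLOW, REVOKE, NEVER or None;
    a group missing from node_perms inherits its global value.
    """
    reasons = {}
    for group in user_groups:
        inherited = global_perms.get(group)
        if inherited == NEVER:
            value = NEVER                  # assumed: Never is not overridable lower down
        elif group in node_perms:
            value = node_perms[group]      # explicit node-level setting
        elif private:
            value = None                   # private node drops inherited access
        else:
            value = inherited
        reasons[group] = value             # per-group contribution, for debugging
    values = reasons.values()
    granted = NEVER not in values and ALLOW in values
    return granted, reasons

# Constructed sample data; group names are hypothetical.
GLOBAL = {"Registered": ALLOW, "Special Access": None}
BOTH, PLAIN = ["Registered", "Special Access"], ["Registered"]

def scenarios():
    revoke_node = {"Registered": REVOKE, "Special Access": ALLOW}
    never_node = {"Registered": NEVER, "Special Access": ALLOW}
    private_node = {"Special Access": ALLOW}
    return {
        "revoke + allow, in both groups": resolve(BOTH, GLOBAL, revoke_node)[0],
        "revoke + allow, Registered only": resolve(PLAIN, GLOBAL, revoke_node)[0],
        "never + allow, in both groups": resolve(BOTH, GLOBAL, never_node)[0],
        "private node, in both groups": resolve(BOTH, GLOBAL, private_node, True)[0],
        "private node, Registered only": resolve(PLAIN, GLOBAL, private_node, True)[0],
    }

if __name__ == "__main__":
    for name, granted in scenarios().items():
        print(f"{name}: {'yes' if granted else 'no'}")
```

If a live board disagrees with this model for a given user, compare the per-group values against what Analyze Permissions reports for that user and node.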
 