Implementing permissions across multiple user groups

Main Company · Jul 7, 2014

Jake Bunce said:
In the case of a private node you could create a new group to represent access to that node. Then make the node private and set Allow for that one group. There would be no need to edit each individual group under that node since a "Private node" (as defined by the checkbox option) disables access for all groups except those that are explicitly allowed.

This may be overkill, but I have a private category which is a child to another private category - and inside that I have private forums.

In short, we're operating like a consulting group with numerous clients, so we have quite a few different groups accessing our Xenforo instance, and these groups can't even know that each other exist.

So, even if I setup a unique group for each forum, I've got 3-separate nodes where I must Allow them access.

Jake Bunce · Jul 7, 2014

Main Company said:
This may be overkill, but I have a private category which is a child to another private category - and inside that I have private forums.

In short, we're operating like a consulting group with numerous clients, so we have quite a few different groups accessing our Xenforo instance, and these groups can't even know that each other exist.

So, even if I setup a unique group for each forum, I've got 3-separate nodes where I must Allow them access.

Yep. You need to explicitly allow access to the common nodes for each group in that case. If there are 3 common nodes then each new client that is added means you need to add access to those 3 common nodes.

...or you could even create a separate group which represents access to the common nodes.

Main Company · Jul 7, 2014

Jake Bunce said:
Yep. You need to explicitly allow access to the common nodes for each group in that case. If there are 3 common nodes then each new client that is added means you need to add access to those 3 common nodes.

...or you could even create a separate group which represents access to the common nodes.

oooooh, now that's an interesting approach. Thank you

Main Company · Jul 9, 2014

Okay, so I've setup & organized all of my nodes. Made the ones private that I want private. And have basically created a group for each private node (with virtually identical naming as used in the corresponding node).

So, my next step in the plan is to Allow "view" access in each node for each corresponding group. So, in the Information Tech node I will grant the IT group Allow access in the node permissions. Does this make sense so far?

After that, I will make each user a Registered User as primary, and then select the relevant groups as Secondary.

If all that make sense so far, then I think my only other issue is assigning group permissions in the admin and/or moderator groups, where I want these user groups to have special powers.

If seems like if I execute the above, I should have a fairly simple permissions system to administer.

Just I miss anything?

Bubka3 · Aug 7, 2014

So I have this scenario:

3 groups

Registered
Moderator (moderator privs + staff banner)
Administrator (admin privs + staff banner)

Following this guide, an admin will be in both Moderator and Administrator. The problem is if you have multiple banners on, the admin has both of these banners...

Paul B · Aug 7, 2014

Disable banner stacking.

eForum · Oct 4, 2014

Hello Guys,

I am really really struggling with promotions, groups and permissions and I am hoping someone can help me out.

So I have my ladder set out like this below;

http://awesomescreenshot.com/06d3lnjm18

I followed the user group permissions as detailed (I think I did) so I have created two new user groups to test out the promotions. I created junior member and registered member and changed the default registered member group to new member so it serves as the default group all registered members will be in.

Here are the settings for the registered member which requires at least one trophy point to be in

http://awesomescreenshot.com/0523lnk31d and

http://awesomescreenshot.com/0e43lnk837

I then created the next group in the ladder Junior member and have the following promotion settings ;

http://awesomescreenshot.com/0e03lnkd40 and

http://awesomescreenshot.com/0153lnkg27

With this, I am expecting members with at least 5 trophy points have Junior member status displayed. After rebuilding cache, I have a user with 19 trophy points and my idea is that he will be displaying Junior member status but he is displaying Registered member.

http://awesomescreenshot.com/0323lnkmb8

Please advise me where I am going wrong.

Regards

Paul B · Oct 4, 2014

Which user groups is that user a member of?
What are the display styling priorities for each of the user groups?
How do you have the user banner options set up?

eForum · Oct 4, 2014

Brogan said:
Which user groups is that user a member of?
What are the display styling priorities for each of the user groups?
How do you have the user banner options set up?

Thanks Brogdan,

Which user groups is that user a member of?

The member should be promoted into the active member user group because he has 19 trophy points and the requirements states minimum 15 points. I think that is how group promotions work.

What are the display styling priorities for each of the user groups?
I have set them out from 1 to 6 with one being new members the lowest in the ladder and 6 the highest. So he has display order of 4.

How do you have the user banner options set up?

I have the following settings;
User Title Override: Use the default user title ladder
User Banner Text: Active Member

Then I have selected a colour like this

http://awesomescreenshot.com/0a03lnrpa0

Paul B · Oct 4, 2014

eForum said:
The member should be promoted into the active member user group because he has 19 trophy points and the requirements states minimum 15 points.

Have you double checked which groups the user is a member of?
Are you sure the promotion worked?

eForum · Oct 4, 2014

Brogan said:
Have you double checked which groups the user is a member of?
Are you sure the promotion worked?

If applying promotions from new member to say registered member, on the Add user to user groups, do i select both new member and registered member ?

Thanks

eForum · Oct 4, 2014

UPDATE:

Ok something strange just happened. It has changed and I think he has the correct style and in the correct group. Maybe it's the cron I don't know but all displays fine. Sorry for the false alert. Thanks @Brogan

http://awesomescreenshot.com/0483lnui9d

eForum · Oct 4, 2014

I thought is was best to carry on with the conversation here rather tun opening a new thread.

Understanding user promotions and permissions.

Default group when a user registers on my forum is new member and after they have one trophy point, they are promoted to registered member. With registered member status, they can have signature links but cannot post in marketplace. After 5 points, they are promoted to junior member status and can now post in marketplace.

Here is where I am confused after that promotion, since they are moved into junior member group, do they lose the benefits of registered member status group? In the promotion from registered member to junior member, I have selected Add user to user groups: junior member but have not selected registered member.

Is this how it works?

Regards

Paul B · Oct 4, 2014

Permissions are cumulative.

Apply the base permissions you want all members to have to the Registered user group.
Apply additional permissions to secondary user groups.

eForum · Oct 4, 2014

Brogan said:
Permissions are cumulative.

Apply the base permissions you want all members to have to the Registered user group.
Apply additional permissions to secondary user groups.

Ok just so I understand correctly, I would set junior member to be able to post in marketplace and also have signature links.

Paul B · Oct 4, 2014

CMGDevel · Dec 12, 2014

Ok but how does the cumulative work when dealing with numbers? For example a base registered usergroup allows 5 lines of signature, but you add a premium usergroup that adds some other things but for whom you do not wish to add any more signature lines. Do you have to specify 5 lines again for this secondary usergroup?

Paul B · Dec 12, 2014

The highest value takes precedence.

herocus · Dec 15, 2014

Hi @Brogan

I still dont quite get it, perhaps my little brain cannot take this concept...

1. All members should be in the Registered group as their Primary - that includes moderators, administrators and super administrators.

Where do I assign All members, admin, super admin and moderatior to Registered Group as Primary?
When Members Signed Up - don't they automatically assigned to Registered Group? How do I know whether they are in Primary or Secondary?

Where should I assign to Secondary Group?

Sorry I'm very new to this kind of permission setting...

Paul B · Dec 15, 2014

herocus said:
When Members Signed Up - don't they automatically assigned to Registered Group?

Yes.
Imports may be different though.

Use the various pages in the ACP to check user groups members and move them around:

admin.php?users/search

admin.php?users/batch-update

Implementing permissions across multiple user groups

Active member

Well-known member

Active member

Active member

Active member

XenForo moderator

Member

XenForo moderator

Member

XenForo moderator

Member

Member

Member

XenForo moderator

Member

XenForo moderator

Active member

XenForo moderator

Active member

XenForo moderator

Similar threads

We value your privacy