Implementing permissions across multiple user groups

Implementing permissions across multiple user groups

Overview Updates (4) Reviews (36) Discussion
Martok said:
You can use the Batch Update Users to change the user group(s) of multiple users at the same time. You can find it by searching for it using the Search in the top right of the Admin Control Panel.
Click to expand...
Ah, perfect. Not sure how I overlooked that. Thank you!
 
John Stone said:
I just did a import of a vB installation into xF, and that included about 30,000 members. After reading this excellent guide, I've got to make some changes. Many users have what should be (under xF) a secondary group as their primary group. For example, I have about 1,000 imported users with a primary group of "Banned", and now it looks like I need to change their primary group to "Registered" and their secondary group to "Banned". Obviously this is too labor-intensive to be done manually (and this is just one of many groups that I'll need to alter).
Click to expand...

Just hooking in here: is it the best way to use the batch tool after the import to xenforo? Will it safely change all permissions without any relicts?
vB does not seem to let my mass move users because of their secondary usergroup (just primary is available)

So again: is it perfectly safe to mass move users from different primary and secondary usergroups to the correct primary "Registered" and different secondary groups after importing?
Or would it be better to change at least primary group already in vB?
 
I am the admin for a guild in 6 MMO games. Each guild chapter has regular guild members, officers, and leaders. Each game can have up to 7 different ranks. I'd like the rank titles (such as Officer) to show.

Take the game DDO for example. It has 3 ranks:

Tyrs DDO Member
Tyrs DDO Officer
Tyrs DDO Guild Leader

Most other games have 7 different ranks.

So there will likely be three levels of permissions (Each game's regular members cant edit or delete posts, so all regular members permissions will be the same acros games, but have different titles -- Tyrs DDO Mermber, Tyrs Neverwinter Member, etc. ) ... but maybe more...

How can I best set up permissions?
 
Last edited:
I have read this guide a few times as well as various discussions on the topic. I am still uncertain on how to best setup my permission so I can keep some form of logical structure and have an overview of how hundreds of permissions are applied on 30 groups in hundreds of nodes.

Here is the setup that I want to put into structure:

Member Ladder:
  1. Bad Member (almost no permissions: can only edit own posts and reply to own threads)
  2. New Member (very limited permissions)
  3. Normal Member
  4. Advanced 1
  5. Advanced 2
  6. Advanced 3
  7. etc
Set the Registered user group to the minimum permissions you want all members to have. Set those permissions you want them to have to Allow, leave everything else at Not Set (No).
Click to expand...
So based upon the above this means:
Registered members: almost no permissions: can only edit own posts and reply to own threads. The rest of the permissions will be: Not Set (No)
For any additional user groups, only change the specific permissions which differ from the settings in the Registered user group
Click to expand...
Then for New Member, I can add the few permissions needed for this group.
For Normal Member I will need to add the same permissions again, plus the permissions that this group gets extra.
And then for the rest of the groups also set all permissions.

In this way there will be no cumulative permissions, but just set the permissions per group.
Is this the optimal way of doing it?

Staff Ladder:
  1. Junior Moderator (can soft delete, move, but not merge, hard delete nor destroy anything)
  2. XFMG Moderator
  3. XFRM Moderator
  4. Moderator (can do most moderator tasks)
  5. Super moderator (can moderate all forums, as well as moderate new users)
Is there any way to prevent Junior Moderators from merging threads, but allow them to move threads? Merging threads allows moderators to merge all threads in a forum into one thread. (We once had several forums destroyed like that) Or is there an addon for this or will this require custom development?
 
Alfa1 said:
In this way there will be no cumulative permissions, but just set the permissions per group.
Is this the optimal way of doing it?
Click to expand...
No.

The optimal way is to stack the permissions, adding user groups with additional permissions as required.

That avoids having to duplicate permissions across user group.
 
How would you stack permissions?

The registered group should have almost no permissions.
  1. Bad members has the same a registered.
  2. New members group a few extra permissions.
  3. Normal Members group the same as New Member but with a lot of extra permissions
  4. Advanced users 1 group, the same as Normal Members group, but with some extra permissions.
  5. Advanced users 2 group, the same as Advanced users 1 group, but with some extra permissions.
  6. Advanced users 3 group, the same as Advanced users 2 group, but with some extra permissions.
  7. Advanced users 4 group, the same as Advanced users 3 group, but with some extra permissions.
  8. Advanced users 5 group, the same as Advanced users 4 group, but with some extra permissions.
  9. etc.

Should I make advanced users 5 group also members of all of the above(2-7), so that one user will have many additional usergroups?
 
Alfa1 said:
so that one user will have many additional usergroups
Click to expand...
In general, that is the way the system has been designed.

For the bad members user group, that is the one case where you would use Never, so it overrides the allowed permissions in the other user groups the member is in.
 
Ok. So for members in the highest usergroup they will have 11 additional user groups plus the account upgrade groups and there are some additional groups giving access to specific things.

So how do we see the rank of the member if there are so many additional usergroups?

Does this cause significant overhead if members are in so many groups?

It could well be that I need to get used to the system, but I am afraid that I will not be able to keep overview with so many additional groups in combination with node permissions.
I do plan to create an excel sheet, but still...
 
The rank/title/user group styling is determined by the user group with the highest display styling priority.
 
Got a question

I have several subforums on my install and well actually i need to advance this slighty, is it doable that a user has to have 2 specific usergroups to be able to see a certain subforum? if users only have the one, they wont be able to see it?
 
Jimmi said:
Got a question

I have several subforums on my install and well actually i need to advance this slighty, is it doable that a user has to have 2 specific usergroups to be able to see a certain subforum? if users only have the one, they wont be able to see it?
Click to expand...
No. A user group can either see a forum or it can't, there's no conditional based on membership of another user group.

Maybe if you explain why you think you need a member to be in 2 user groups to see a forum, then an alternative solution, based on how XenForo user group permissions work, can be suggested.
 
Martok said:
No. A user group can either see a forum or it can't, there's no conditional based on membership of another user group.

Maybe if you explain why you think you need a member to be in 2 user groups to see a forum, then an alternative solution, based on how XenForo user group permissions work, can be suggested.
Click to expand...
There is a special forum that can only be accessed if the user has a special user group added (depending on how the gamer behaves) and then he needs to buy access on top of that.
 
Alfa1 said:
How would you stack permissions?

The registered group should have almost no permissions.
  1. Bad members has the same a registered.
  2. New members group a few extra permissions.
  3. Normal Members group the same as New Member but with a lot of extra permissions
  4. Advanced users 1 group, the same as Normal Members group, but with some extra permissions.
  5. Advanced users 2 group, the same as Advanced users 1 group, but with some extra permissions.
  6. Advanced users 3 group, the same as Advanced users 2 group, but with some extra permissions.
  7. Advanced users 4 group, the same as Advanced users 3 group, but with some extra permissions.
  8. Advanced users 5 group, the same as Advanced users 4 group, but with some extra permissions.
  9. etc.

Should I make advanced users 5 group also members of all of the above(2-7), so that one user will have many additional usergroups?
Click to expand...

Did you really put the highest usergroup with so many secondary user groups? Any problems with that?
 
No, that just is not manageable for me. I use registered member as main, plus an advanced usergroup as secondary. This work best for me. I just cant wrap my head around having a mass of secondary groups.
 
I've read this quite a few times now and still getting my head around it.

In most instances you'd want a user to enter with a standard set of permissions (rather than start at the bottom and ramp up permissions), as sometimes you need them to be downgraded lower than Standard Users.

That means that any downgraded permission under "Registered Users" would need to have the permission set to NEVER right?

So would the entire user landscape look something like this?

1588741642335.webp

Would this also mean that:
a) Banned or Restricted Users should be Registered Users (Primary), and then Banned (or Restricted) as Secondary User Group?
b) Staff should be Registered Users (Primary), and then Trusted Users, AND Administrator / Moderator as Secondary User Groups?
 
Brogan updated Implementing permissions across multiple user groups with a new update entry:

Granting additional permissions to established members

This and other similar questions keep coming up so here's an example of how to prevent newly registered members from starting conversations and only allowing them to once they have been registered for a week.

  1. Set the Start conversations permission for the Registered user group to No
  2. Create a new user group - let's call it Established members
  3. Set the Start conversations permission for the...
Click to expand...

Read the rest of this update entry...
 
Time for me to finally fix my groups. One question first. Since we start with the registered group and then add permissions as groups become more senior, what is the best practice for the unregistered group? Just edit that group as its own without relation to the rest?
 
You must log in or register to reply here.

Similar threads

Ozzy47
[OzzModz] User Groups Edit
Replies
1
Views
792
Awucard
A
T
  • Question Question
XF 2.2 Having two user groups for same user but with different permissions
Replies
4
Views
697
Mr Lucky
Mr Lucky
zackw
  • Question Question
XF 2.2 How do usergroup overrides with with number fields?
Replies
2
Views
495
zackw
zackw
Serpius
  • Question Question
XF 2.2 Correct Way Of Doing User Group Permissions?
Replies
6
Views
1K
Black Tiger
Black Tiger
gogo
  • Question Question
XF 2.1 Permissions..
Replies
0
Views
383
gogo
gogo
Top Bottom