XF 2.1 Node Permissions query

[RallyFan]

Just reading through specifics on Node Permissions, and note how you can create Private Nodes as well.

SCENARIO: Staff Area node only to be accessible by Admins and Moderators.

SCENARIO 1: Category Node - marked as private node with only Admins and Moderators having access, and everyone else marked as Inherited.
SCENARIO 2: Category Node - all user groups set to NO, with exception of Admins and Moderators (Inherited).

Am I correct in stating that both scenarios achieve the same goal, yet there is a risk with Scenario 2 that a user group may not have permissions set to no, and end up exposing that category node?

 

[Mr Lucky]

I believe a private node is more foolproof, in the event you create a new user group and forget to change permissions

 

[jeb35]

Regarding Scenario 2 I think I read somewhere that if they somehow get the actual URL then they can see the node. All staff nodes should be set to private.

 

[Lawrence]

Let's say your admin/moderator only forum is named Staff Only:

Node permissions->Staff Only->Registered: View node set to No
Node permissions->Staff Only->Unregistered / Unconfirmed: View node set to No

If all your Admins belong to the Moderating group as well as the administrative group then:
Node permissions->Staff Only->Moderating: View node set to Yes

If all, or some, of your admins do not belong to the moderating group:
Node permissions->Staff Only->Administrative: View node set to Yes

All other groups should be set to Inherent (that's the default setting, so other user groups View node does not have to be set to No as the registered group already is).

 

[RallyFan]

I believe a private node is more foolproof, in the event you create a new user group and forget to change permissions

I figured that's what it would be.

One is potentially dangerous, the other is foolproof.

Regarding Scenario 2 I think I read somewhere that if they somehow get the actual URL then they can see the node. All staff nodes should be set to private.

Just tested and this is not the case.