XF 2.1 Permissions Double Talk and Total Confusion

[Oldengine]

I'm OK with setting permissions for what a user group should have, but why should an Administrator or Super Moderator also have to be in the Registered and/or other groups? Why the confusion of combining user groups this way instead of simply giving all of the appropriate permissions to each specific group?

Nodes: I'm totally gone here. I have a private discussion board for super moderators, moderators and administrators to discuss moderating issues. This is the board that "reported posts" are directed to. I also have a discussion board for Subscribers in which Sponsors, Moderators, and Administrators are also welcome. There are many boards that are open to all except Unregistered/Unconfirmed. Banned, ofcourse are NOT welcome anywhere.

I think that says it all and it's so darn simple until I attempt to implement it on XenForo. I've got to crack it, or I might as well stay on vB3. (vB3 in fact for 15 years, growing to 1.5 million posts. We've registered 116,794 users over the years, but the actual remaining count is 65,599. If I had started it up on XF, I'd most likely be fine, but it has grown into a monster!

I have read enough of the XF manual and other hints and tips to make my head spin. Can anyone put this configuration problem into siim[;e English?

 

[beerForo]

You do not have to add Mods or Admins to any other groups they are fine in their own. This is the way I have it. But if you use group promotions and member subscriptions you will want to use secondary groups and Registered as the parent, yes.

 

[sbj]

Why the confusion of combining user groups this way instead of simply giving all of the appropriate permissions to each specific group?

Because of duplication and making it more useful. What does this mean?

Imagine you have 10 different usergroups. And imagine you want all of them to "can view nodes", which means they can see the forum categories etc.
Now if it would be the single system, you would have to go to 10 different groups and give all of them the "view nodes" permission.
But the XF way is much better. Since everyone is in the registered group primaly, give this "can view nodes" permission and now all people who are in different 10 groups can view aswell.

Everytime you install an addon (which has a new permission), you would have to give the same permission to all of the groups again and again. Let's say you are unsatisfied with one permission, now you want to revoke it. Now you have to go over all of them again and revoke it. Do you see how tiresome this is?

So, the XF system is cummulative. Everyone, any user (admins, superadmins) etc. should be in the registered usergroup primaly.
Now you think about what ALL of these groups have in common. What do they share together? Probably "can view", "can post" etc. permission. So the commonly shared things, you give that to the registered usergroup. And anytime a new addon comes and implements a new permission like "view calendar, view Resource Manager", you go to registered and give it to it. 1-time and done. No need to go to 10 different groups.

Now, after you set up the common permissions for the registered. Now you can go individually to the other groups and give them their special permissions. Like for admins "can ban" or whatever.

About private nodes. That is easy. You go in ACP to the node and set it to private with a tick. That means now NOBODY can view that node any longer. Now you have to give specifically to each usergroup the "view" permission, just like you wanted in first place. This is a safe mechanism. Nobody ever can see a node accidentally, unless you specifically allowed them in the nodes settings.

Hope this clears up things.

 

[Oldengine]

Posted before I saw sbj's post...

My Subscribers are in the manual mode, you pay, you get changed from Registered to the Subscriber primary group. I used to have Registered, Registered-I, II and III, with automatic promotions and automatic privilege increases, but I striped that all out to simplify the import process.

What's left is Node Permissions with Subscribers Only checked as private a node and the Subscribers inheriting their permissions from their assigned group?

How does setting permissions for individual users work in node settings?

 

[sbj]

My Subscribers are in the manual mode, you pay, you get changed from Registered to the Subscriber primary group.

This is 100% the wrong way. You never ever change the primary usergroup. It should be always the registered one. That should be the core for every each member of your forum, no matter what. Then, you can give to anyone you want multiple secondary usergroups. So your subscribers would be in the secondary usergroup "Subscriber" along being in the usergroup "registered".
Anyone can be in multiple usergroups anyway. One can be moderator, subscriber, registered and gamer. And each secondary usergroups would have their own additions to the core registered usergroup.

What's left is Node Permissions with Subscribers Only checked as private a node and the Subscribers inheriting their permissions from their assigned group?

Globally every user gets their permissions from their usergroup. Then from nodes.
So since that one node is private, nobody can view it. All usergroup permissions are revoked, since it is private.
You you go one level down and the node permission plays a role. So you allow it for the subscribers only and now they can view the node.

How does setting permissions for individual users work?

Easy. You can give any user individual permissions in ACP.

 

[beerForo]

I think he's still on vB3 and changing parent groups is possible with subscriptions., in XF it is not.

 

[sbj]

Ah, right, thought he is on XF.

I think the manual is really well-written. It explains better than I could do.

Feel free to read it and if it is confusing, just ask which part you don't understand. We can help you.

 

[Oldengine]

I’m on my second import taking time to learn as much as I can. vB3 is still my main show, so I’m not under pressure to move. Thank you for the information as it all adds together for me to get a good grip on it. When the final import gets done, I don’t want to look back.