Permissions Guidance


Active member
Hello all,

First of all, I need to mention that the system that I have designed is pretty heavily revolved a multi-client system. What this means is that all of our clients uses the same exact system throughout the entire website. That means 1 XenForo Installation across all of our clients.

This is what we currently have:

We have of course Client Memberships, and there we have a list of all members that are associated with that specific client. In that list we have a cache of what permissions that they can do, I use the Permission System currently designed by XenForo. My issue is now that we are having more than 5,000 members, and growing fast. It is taking an awful long time to just add a new permission when I am developing.

The structure is pretty simple and straight forward.

I have

permission_client_entry table, that holds what client membership, and whether that membership has permission or not, it is very similar to the xf_permission_entry_content table. Except rather than using user group id, because we don't want all of our users part of a specific group to have access to another client unless they are part of it. So that is why we split it up.

Then we have what we call Sections, and these sections are like sub-sites for each client. There they can create their own site environment to provide content to their members. The same structure as the client memberships, we have section memberships, and a list of all section members who are associated to a specific section.

So in the concept we have "System" which is the default, then it goes Client then, Section.

Is there a better way to do the permissions than what I am doing? Is there some tricks to the current XenForo Permission System that I can use, I kinda understand that the entry content provided can grant access to specific nodes to specific user groups and or users.

I understand that basically a permission combination is created for each user group and if any modifications to the user themselves they get their own permission combination.

What I have tried in the past was extending the xf_permission_combination, adding additional columns to hold the client membership list, section membership list etc. but that didn't work well back when I tried it. Although I have come a long ways since the last time I have worked with the permissions.

How can I design or make it so that I can have something like this

User Group

Any ideas?