• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

As designed  Secondary User Groups

#1
If you have set your "User Group" to "Administrative" and then set "Secondary User Groups" to a usergroup with less access you will loose some access.

You will still have the "User Title Override" connected to the "Administrative" access.
 

Mike

XenForo developer
Staff member
#2
If you're doing things that involve "revoking" access, then that's expected. You must explicitly allow to override a revoke. (If you're using deny, then this cannot be overridden with an allow; deny should be used sparingly, usually to specifically remove things from problematic users.)

User groups do not confer anything automatically. Everything must be laid out explicitly.
 

Jake Bunce

XenForo moderator
Staff member
#5
Yea but shouldn't the "Primary" group access be the real (primary) access?
I haven't been able to identify any functional difference between primary and secondary groups in my testing. From what I can tell it's strictly a matter of organization which is what I would expect. Multiple group memberships allow for more flexible permission assignments.
 

Mike

XenForo developer
Staff member
#10
If you want permission priority, why even use multiple user groups? The system is designed to allow you to create "roles" effectively, using a combination of simpler units. It sounds like your configuration doesn't want to use secondary groups.

Permission priority doesn't make sense. There is already a defined priority within them. Titles don't have that intrinsically.
 

Jake Bunce

XenForo moderator
Staff member
#11
Hmm, I don't like that idea. :D

The current system seems perfectly functional. I can't think of a use case which would require or necessarily benefit from permission priorities.

Is there something specific you are trying to accomplish? I might be able to suggest how you can organize your groups.
 
#12
The thing is that if one group has access to a forum that the secondary don't and the other way around.
Then you would need to create a 3:rd group that has access to both groups instead of checking both groups for access with the group with highest access / priority first.
 

Jake Bunce

XenForo moderator
Staff member
#13
The thing is that if one group has access to a forum that the secondary don't and the other way around.
Then you would need to create a 3:rd group that has access to both groups instead of checking both groups for access with the group with highest access / priority first.
xenForo's node permissions don't quite work that way. Rather than specifying disallowed groups you need to specify allowed groups. This approach is actually better once you get used to it.

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/

Creating a private forum

Because of the way Revoke works in xenForo you shouldn't use it to restrict a private forum. Instead you should use a special feature in xenForo called Private node. You will see the Private node checkbox when editing the permissions for a specific node. This basically inverts the permissions so that you can specify Allowed groups instead of Revoked groups. This is actually better for group management if you add more groups later.

Admin CP -> Users -> Permissions -> Node Permissions -> [select a forum] -> Private node