As designed Secondary User Groups

[Sleepwalker]

If you have set your "User Group" to "Administrative" and then set "Secondary User Groups" to a usergroup with less access you will loose some access.

You will still have the "User Title Override" connected to the "Administrative" access.

 

[Mike]

If you're doing things that involve "revoking" access, then that's expected. You must explicitly allow to override a revoke. (If you're using deny, then this cannot be overridden with an allow; deny should be used sparingly, usually to specifically remove things from problematic users.)

User groups do not confer anything automatically. Everything must be laid out explicitly.

 

[Sleepwalker]

Yea but shouldn't the "Primary" group access be the real (primary) access?

 

[Jake Bunce]

This might help:

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/

In particular, I like to emphasize the Creating a private forum section at the bottom of the first post. That seems to be a common source of confusion.

 

[Jake Bunce]

Yea but shouldn't the "Primary" group access be the real (primary) access?

I haven't been able to identify any functional difference between primary and secondary groups in my testing. From what I can tell it's strictly a matter of organization which is what I would expect. Multiple group memberships allow for more flexible permission assignments.

 

[Shaun Mason]

Why would you do that?

 

[Sleepwalker]

Couldn't "Display Styling Priority" be renamed and be used to set the priority of the groups as well?

 

[Jake Bunce]

Couldn't "Display Styling Priority" be renamed and be used to set the priority of the groups as well?

Priority for what? Permissions?

 

[Sleepwalker]

yea

 

[Mike]

If you want permission priority, why even use multiple user groups? The system is designed to allow you to create "roles" effectively, using a combination of simpler units. It sounds like your configuration doesn't want to use secondary groups.

Permission priority doesn't make sense. There is already a defined priority within them. Titles don't have that intrinsically.

 

[Jake Bunce]

yea

Hmm, I don't like that idea.

The current system seems perfectly functional. I can't think of a use case which would require or necessarily benefit from permission priorities.

Is there something specific you are trying to accomplish? I might be able to suggest how you can organize your groups.

 

[Sleepwalker]

The thing is that if one group has access to a forum that the secondary don't and the other way around.
Then you would need to create a 3:rd group that has access to both groups instead of checking both groups for access with the group with highest access / priority first.

 

[Jake Bunce]

The thing is that if one group has access to a forum that the secondary don't and the other way around.
Then you would need to create a 3:rd group that has access to both groups instead of checking both groups for access with the group with highest access / priority first.

xenForo's node permissions don't quite work that way. Rather than specifying disallowed groups you need to specify allowed groups. This approach is actually better once you get used to it.

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/

Creating a private forum

Because of the way Revoke works in xenForo you shouldn't use it to restrict a private forum. Instead you should use a special feature in xenForo called Private node. You will see the Private node checkbox when editing the permissions for a specific node. This basically inverts the permissions so that you can specify Allowed groups instead of Revoked groups. This is actually better for group management if you add more groups later.

Admin CP -> Users -> Permissions -> Node Permissions -> [select a forum] -> Private node
​