• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

Understanding Permissions

gldtn

Well-known member
Make sure you have "Allow new messages to be posted in this forum" and if you set it to private, make sure that under that specific forum you set permission for the specific user to allow them to post on there.

Under the forum permission you should see a box where you can type the username and sit it's permission. This is how I got mine to work!
 

polle

Active member
Make sure you have "Allow new messages to be posted in this forum" and if you set it to private, make sure that under that specific forum you set permission for the specific user to allow them to post on there.

Under the forum permission you should see a box where you can type the username and sit it's permission. This is how I got mine to work!
The "Allow new messages to be posted in this forum" was unchecked.

Thanks to both, working now.
 

Jake Bunce

XenForo moderator
Staff member
Well this is very confusing. I am trying to create a private forum for admin and supermoderators, just that.

I create the node.
I set it to private.
In groups below "private" I set admin everything to green and its not working, just see the forum, but without being able to post.
Everything gray and create threads in green, not working, everything green and publish to yellow, not working...

So I am an admin who creates a private forum that cant post in it.

Can someone explain why not a single combination works ?

Thanks.
There must be a "Never" permission somewhere. "Never" permissions are overriding. Check the permissions for your other usergroups.

Also make sure this is enabled for that forum:

Admin CP -> Applications -> Display Node Tree -> [click the forum] -> Forum Options: Allow new messages to be posted in this forum
 

polle

Active member
There must be a "Never" permission somewhere. "Never" permissions are overriding. Check the permissions for your other usergroups.

Also make sure this is enabled for that forum:

Admin CP -> Applications -> Display Node Tree -> [click the forum] -> Forum Options: Allow new messages to be posted in this forum
Thanks Jake, got it working now :)
 
Hi guys!

This thread might be the SINGLE MOST HELPFUL ONE on here!
Thanks for keeping the education going.

Question: I've set up a private forum, and I'm granting access to individual users.
(See screencap as an example: http://screencast.com/t/W7nuLgmms)

Is it possible for me (the admin) to see a list of who has access to that private forum?
I imagine I will lose track of whom I've given access to, otherwise.

Thanks!
 

Brogan

XenForo moderator
Staff member
Click on the Node Permissions link for the node in question.

User groups will be highlighted and a list of users will be below the groups.
 

Brogan

XenForo moderator
Staff member
Having logged in to quite a few installations to resolve permission issues, it's clear that a lot of people haven't quite grasped the concept.

So here are a few pointers:

1. All members should be in the Registered group as their Primary - that includes moderators, administrators and super administrators.

2. Set the Registered user group to the minimum permissions you want all members to have. Set those permissions you want them to have to Allow, leave everything else at Not Set (No). Do not use Never as it can't be overridden.

3. For any additional user groups, only change the specific permissions which differ from the settings in the Registered user group - all other permissions can be left at Not Set (No) - and add members to them as Secondary groups.

The reason for doing it like this is it makes it very easy to manage every member with a single permission change.

For example, let's assume Edit post by self is not permitted for regular members - so leave it at Not Set (No) for the Registered user group.
Then if you have a trusted user group which is allowed to edit posts, just set that specific permission to Allow, leave everything else at Not Set (No) and add the members you wish to it as a Secondary user group. So it's just a single permission change in that group and any members you now wish to be able to edit posts, you just add them to the group.

However, let's take another scenario.
Let's assume for some reason you have allowed members the ability to delete posts but now you want to stop that. As everyone is in the Registered user group as the primary and that permission is set to Allow, to remove it from everyone all you need to do is set it to Not Set (No).
If you have members in different user groups as their primary or have that permission set to Allow on more than one group, then it won't be quite so simple to do that, you will have to do it for every user group.

Here's an example using the actual permissions from my own site.
Registered users can't edit or delete posts:
registered.png

Those in the trusted member group can though:
trusted.png

So the combined permissions for someone who is in both groups, looks like this:
combined.png

I don't need to explicitly set everything to Allow in the trusted member group as those permissions are already set in the Registered user group.

The same principle applies to any additional permissions and user groups.

It also applies to nodes, just allow or revoke specific permissions for specific groups as required.

The more user groups you have, the more beneficial this approach becomes.
I have 20 user groups for example, but I can disable a specific permissions for all of them with a single click in the Registered user group.

So the cumulative permissions feature is very powerful and makes it extremely easy to mass manage permissions, if everything is configured correctly.
 

erich37

Well-known member
many thanks Brogan for this explanation! Now it gets clearer for me of how "User Group Permissions" works.....

I still do not understand what "User Group Promotions" is and how this works or how this is integrated into "User Groups".
Do you have an example for when to use this?
 
Having logged in to quite a few installations to resolve permission issues, it's clear that a lot of people haven't quite grasped the concept.
Indeed, I know I'm one of them. The permission system in XF appears to be the most complex out of any other forum system I've used (about a dozen or so). I'm not sure why it has to be so seemingly complex and convoluted. It is the one thing I dislike about XF (and in fact, it is what I consider to be XF's one fundamental flaw and weakness when compared to its competitors) and is the reason why I've delayed moving my community with 45 forums, several private user groups, and several private forums over to XF. I wish it was a more traditional system, and I'm not sure why it uses the setup that it currently does. It just seems counterintuitive (given the logical structure of traditional forum permissions in other systems).

I'm sure I'll get it eventually, it will just have to take some time, patience and energy for me to undertake the task.
 

Brogan

XenForo moderator
Staff member
It's actually very powerful and flexible.

I have over 20 user groups yet I can stop all of them posting with one simple checkbox.

Personally I think it's one of the best things about the software.
 
I'm hoping I find that to be true when I make the switch (it hasn't deterred me, just delayed me). I think what I'm most concerned about is the many private forums I have and ensuring that the permissions are setup properly. The confidence of my members requires this to be done correctly and be done the first time.
 

Ingenious

Well-known member
Indeed, I know I'm one of them. The permission system in XF appears to be the most complex out of any other forum system I've used (about a dozen or so).
I disagree, but do acknowledge it's different than other systems. Private forums are particularly easy. All the permissions can be "not set" for all usergroups and therefore no-one can see or access them. Just create a new usergroup for each private forum and in that usergroup change view node to "allow" - yes literally just one permission in one new usergroup. Then it is just a case of ticking that member as being in that additional usergroup to have access to that private forum. It allows any number of private forums in any combination without complicated mutliple groups for every eventuality.
 
I disagree, but do acknowledge it's different than other systems.
You disagree that it is the most complex out of any other forum software I've personally used? :) That's quite a disagreement. hehe

I appreciate your feedback and instruction however, and will refer to it once I begin setting up my test board for the transfer.

However, I don't understand this statement:
It allows any number of private forums in any combination without complicated mutliple groups for every eventuality.
Can you expand on that?

For instance, I have several usergroups because I have several private forums.

Let' say I have the following forums.

Staff - private
Public
Forum A - private
Forum B - private
Forum C - private

Now...points to consider...
  1. No one but staff has access to the staff forums.
  2. Select staff members have access to select private forums (eg 1 staffer may have access to Forum A (but not B), another staffer may have access to Forum B (but not A), all staffers have access to Forum C).
  3. Group A forum non-staff members do not have access to Forum B, but some of these forum members may have access to Forum C.
  4. Group B forum non-staff members do not have access to Forum A, but some may have access to Forum C.
  5. Some members who have access to Forum C do not have access to any other private forums except this one.
Given this setup, I'm not entirely sure I follow your quoted statement above. There are a number of private forums, and I have quite a few different combinations...but I'm not sure how this is done without using multiple usergroups exactly.

But wouldn't I have to create a new usergroup for each possible combination? Like:

Group 1 = staff member w/ access to only Forum C
Group 2 = staff member w/ access to A and C
Group 3 = staff member w/ access to B and C
Group 4 = member w/ access to A only
Group 5 = member w/ access to B only
...then group with access to C only, then another group with A & C, B & C, etc...

Your statement says this is not the case at all (as I understand it). Which would be nice, but I'm not getting how it's done exactly, other than the example above.

Admittedly, I've only read the op and the additional explanation above by Brogan. It's possible this has already been explained elsewhere in the thread.
 

Jake Bunce

XenForo moderator
Staff member
But wouldn't I have to create a new usergroup for each possible combination?
No.

Create a group for each individual private forum. Then, per the first post, setup each forum as a private node, only granting access to the respective groups that represent access to those forums:

Creating a private forum

Because of the way Revoke works in xenForo you shouldn't use it to restrict a private forum. Instead you should use a special feature in xenForo called Private node. You will see the Private node checkbox when editing the permissions for a specific node. This basically inverts the permissions so that you can specify Allowed groups instead of Revoked groups. This is actually better for group management if you add more groups later.

Admin CP -> Users -> Node Permissions -> [select a forum] -> Private node
Now you can grant a user access to any combination of private forums by putting them into any combination of those groups. The permutations are made by putting users into different combinations of groups, not by creating individual groups to represent all of those combinations.
 

Ingenious

Well-known member
Jake's spot on. With a usergroup for each private forum (on its own) it is simply a case of adding any member to any number of private forums just by ticking on their profile they are members of the corresponding usergroups. So three private forums only require three additional usergroups for any combination of access. To add or remove any member from any private forum at any time, just tick or untick membership to that corresponding usergroup.

Once you get your test forum set up give it a go.