polle
Active member
And I view it, but nothing else. I cant create any thread in that private node.
Any advice ?
-
This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.
Understanding Permissions
- Thread starter Jake Bunce
- Start date
And I view it, but nothing else. I cant create any thread in that private node.
Any advice ?
gldtn
Well-known member
Make sure you have "Allow new messages to be posted in this forum" and if you set it to private, make sure that under that specific forum you set permission for the specific user to allow them to post on there.
Under the forum permission you should see a box where you can type the username and sit it's permission. This is how I got mine to work!
Under the forum permission you should see a box where you can type the username and sit it's permission. This is how I got mine to work!
polle
Active member
The "Allow new messages to be posted in this forum" was unchecked.
Thanks to both, working now.
Jake Bunce
Well-known member
There must be a "Never" permission somewhere. "Never" permissions are overriding. Check the permissions for your other usergroups.
Also make sure this is enabled for that forum:
Admin CP -> Applications -> Display Node Tree -> [click the forum] -> Forum Options: Allow new messages to be posted in this forum
polle
Active member
Bolaji
New member
Hi guys!
This thread might be the SINGLE MOST HELPFUL ONE on here!
Thanks for keeping the education going.
Question: I've set up a private forum, and I'm granting access to individual users.
(See screencap as an example: http://screencast.com/t/W7nuLgmms)
Is it possible for me (the admin) to see a list of who has access to that private forum?
I imagine I will lose track of whom I've given access to, otherwise.
Thanks!
This thread might be the SINGLE MOST HELPFUL ONE on here!
Thanks for keeping the education going.
Question: I've set up a private forum, and I'm granting access to individual users.
(See screencap as an example: http://screencast.com/t/W7nuLgmms)
Is it possible for me (the admin) to see a list of who has access to that private forum?
I imagine I will lose track of whom I've given access to, otherwise.
Thanks!
Having logged in to quite a few installations to resolve permission issues, it's clear that a lot of people haven't quite grasped the concept.
So here are a few pointers:
1. All members should be in the Registered group as their Primary - that includes moderators, administrators and super administrators.
2. Set the Registered user group to the minimum permissions you want all members to have. Set those permissions you want them to have to Allow, leave everything else at Not Set (No). Do not use Never as it can't be overridden.
3. For any additional user groups, only change the specific permissions which differ from the settings in the Registered user group - all other permissions can be left at Not Set (No) - and add members to them as Secondary groups.
The reason for doing it like this is it makes it very easy to manage every member with a single permission change.
For example, let's assume Edit post by self is not permitted for regular members - so leave it at Not Set (No) for the Registered user group.
Then if you have a trusted user group which is allowed to edit posts, just set that specific permission to Allow, leave everything else at Not Set (No) and add the members you wish to it as a Secondary user group. So it's just a single permission change in that group and any members you now wish to be able to edit posts, you just add them to the group.
However, let's take another scenario.
Let's assume for some reason you have allowed members the ability to delete posts but now you want to stop that. As everyone is in the Registered user group as the primary and that permission is set to Allow, to remove it from everyone all you need to do is set it to Not Set (No).
If you have members in different user groups as their primary or have that permission set to Allow on more than one group, then it won't be quite so simple to do that, you will have to do it for every user group.
Here's an example using the actual permissions from my own site.
Registered users can't edit or delete posts:
Those in the trusted member group can though:
So the combined permissions for someone who is in both groups, looks like this:
I don't need to explicitly set everything to Allow in the trusted member group as those permissions are already set in the Registered user group.
The same principle applies to any additional permissions and user groups.
It also applies to nodes, just allow or revoke specific permissions for specific groups as required.
The more user groups you have, the more beneficial this approach becomes.
I have 20 user groups for example, but I can disable a specific permissions for all of them with a single click in the Registered user group.
So the cumulative permissions feature is very powerful and makes it extremely easy to mass manage permissions, if everything is configured correctly.
So here are a few pointers:
1. All members should be in the Registered group as their Primary - that includes moderators, administrators and super administrators.
2. Set the Registered user group to the minimum permissions you want all members to have. Set those permissions you want them to have to Allow, leave everything else at Not Set (No). Do not use Never as it can't be overridden.
3. For any additional user groups, only change the specific permissions which differ from the settings in the Registered user group - all other permissions can be left at Not Set (No) - and add members to them as Secondary groups.
The reason for doing it like this is it makes it very easy to manage every member with a single permission change.
For example, let's assume Edit post by self is not permitted for regular members - so leave it at Not Set (No) for the Registered user group.
Then if you have a trusted user group which is allowed to edit posts, just set that specific permission to Allow, leave everything else at Not Set (No) and add the members you wish to it as a Secondary user group. So it's just a single permission change in that group and any members you now wish to be able to edit posts, you just add them to the group.
However, let's take another scenario.
Let's assume for some reason you have allowed members the ability to delete posts but now you want to stop that. As everyone is in the Registered user group as the primary and that permission is set to Allow, to remove it from everyone all you need to do is set it to Not Set (No).
If you have members in different user groups as their primary or have that permission set to Allow on more than one group, then it won't be quite so simple to do that, you will have to do it for every user group.
Here's an example using the actual permissions from my own site.
Registered users can't edit or delete posts:
Those in the trusted member group can though:
So the combined permissions for someone who is in both groups, looks like this:
I don't need to explicitly set everything to Allow in the trusted member group as those permissions are already set in the Registered user group.
The same principle applies to any additional permissions and user groups.
It also applies to nodes, just allow or revoke specific permissions for specific groups as required.
The more user groups you have, the more beneficial this approach becomes.
I have 20 user groups for example, but I can disable a specific permissions for all of them with a single click in the Registered user group.
So the cumulative permissions feature is very powerful and makes it extremely easy to mass manage permissions, if everything is configured correctly.
Digital Doctor
Well-known member
maybe a video targeting the most common mistakes would help.
probably worth the time investment.
less mistakes = less support.
probably worth the time investment.
less mistakes = less support.
erich37
Well-known member
many thanks Brogan for this explanation! Now it gets clearer for me of how "User Group Permissions" works.....
I still do not understand what "User Group Promotions" is and how this works or how this is integrated into "User Groups".
Do you have an example for when to use this?
I still do not understand what "User Group Promotions" is and how this works or how this is integrated into "User Groups".
Do you have an example for when to use this?
I provided a (hopefully) good example of that in the manual: http://xenforo.com/help/user-group-promotions/
Essentially it's an automatic system for adding and removing members to secondary user groups, based on certain criteria.
Essentially it's an automatic system for adding and removing members to secondary user groups, based on certain criteria.
Apokalupsis
Active member
Indeed, I know I'm one of them. The permission system in XF appears to be the most complex out of any other forum system I've used (about a dozen or so). I'm not sure why it has to be so seemingly complex and convoluted. It is the one thing I dislike about XF (and in fact, it is what I consider to be XF's one fundamental flaw and weakness when compared to its competitors) and is the reason why I've delayed moving my community with 45 forums, several private user groups, and several private forums over to XF. I wish it was a more traditional system, and I'm not sure why it uses the setup that it currently does. It just seems counterintuitive (given the logical structure of traditional forum permissions in other systems).
I'm sure I'll get it eventually, it will just have to take some time, patience and energy for me to undertake the task.
Apokalupsis
Active member
I'm hoping I find that to be true when I make the switch (it hasn't deterred me, just delayed me). I think what I'm most concerned about is the many private forums I have and ensuring that the permissions are setup properly. The confidence of my members requires this to be done correctly and be done the first time.
Ingenious
Well-known member
I disagree, but do acknowledge it's different than other systems. Private forums are particularly easy. All the permissions can be "not set" for all usergroups and therefore no-one can see or access them. Just create a new usergroup for each private forum and in that usergroup change view node to "allow" - yes literally just one permission in one new usergroup. Then it is just a case of ticking that member as being in that additional usergroup to have access to that private forum. It allows any number of private forums in any combination without complicated mutliple groups for every eventuality.
Apokalupsis
Active member
You disagree that it is the most complex out of any other forum software I've personally used?
That's quite a disagreement. heheI appreciate your feedback and instruction however, and will refer to it once I begin setting up my test board for the transfer.
However, I don't understand this statement:
Can you expand on that?
For instance, I have several usergroups because I have several private forums.
Let' say I have the following forums.
Staff - private
Public
Forum A - private
Forum B - private
Forum C - private
Now...points to consider...
- No one but staff has access to the staff forums.
- Select staff members have access to select private forums (eg 1 staffer may have access to Forum A (but not B), another staffer may have access to Forum B (but not A), all staffers have access to Forum C).
- Group A forum non-staff members do not have access to Forum B, but some of these forum members may have access to Forum C.
- Group B forum non-staff members do not have access to Forum A, but some may have access to Forum C.
- Some members who have access to Forum C do not have access to any other private forums except this one.
But wouldn't I have to create a new usergroup for each possible combination? Like:
Group 1 = staff member w/ access to only Forum C
Group 2 = staff member w/ access to A and C
Group 3 = staff member w/ access to B and C
Group 4 = member w/ access to A only
Group 5 = member w/ access to B only
...then group with access to C only, then another group with A & C, B & C, etc...
Your statement says this is not the case at all (as I understand it). Which would be nice, but I'm not getting how it's done exactly, other than the example above.
Admittedly, I've only read the op and the additional explanation above by Brogan. It's possible this has already been explained elsewhere in the thread.
Jake Bunce
Well-known member
No.
Create a group for each individual private forum. Then, per the first post, setup each forum as a private node, only granting access to the respective groups that represent access to those forums:
Now you can grant a user access to any combination of private forums by putting them into any combination of those groups. The permutations are made by putting users into different combinations of groups, not by creating individual groups to represent all of those combinations.
Ingenious
Well-known member
Jake's spot on. With a usergroup for each private forum (on its own) it is simply a case of adding any member to any number of private forums just by ticking on their profile they are members of the corresponding usergroups. So three private forums only require three additional usergroups for any combination of access. To add or remove any member from any private forum at any time, just tick or untick membership to that corresponding usergroup.
Once you get your test forum set up give it a go.
Once you get your test forum set up give it a go.
Is it possible to restrict access to a private forum at the same time it is visible? I can't get this scenario to work. When I mark the forum as a private node it's not visible any more. I would like to have a text below the forum name with a link to a page where the users can apply for membership with this tool (http://xenforo.com/community/resources/join-user-group-by-waindigo.225/).
