User Group Best Practices

Will Franco · Mar 14, 2022

For admins, I make the primary user group administrator. This methods prevents the registered user group from interfering with the administrative user group. In this forum, the posts say "All members are in the Registered user group as the primary."

What's the downside to the method I'm using?

Brogan · Mar 14, 2022

That's correct.

User groups and permissions - XenForo 2 Manual

xenforo.com

Implementing permissions across multiple user groups

Having logged in to quite a few installations to resolve permission issues, it's clear that a lot of people haven't quite grasped the concept. So here are a few pointers: 1. All members should have the Registered user group as their primary...

xenforo.com

Will Franco · Mar 14, 2022

Brogan said:
That's correct.

User groups and permissions - XenForo 2 Manual

xenforo.com

Implementing permissions across multiple user groups

Having logged in to quite a few installations to resolve permission issues, it's clear that a lot of people haven't quite grasped the concept. So here are a few pointers: 1. All members should have the Registered user group as their primary...

xenforo.com

To confirm, Administors are not referred to a members.

Administrators have the Administrative user group set to the primary, so the registered user permissions don't interfere with it. A good example of this would be a NEVER permission in the Registered user group.

Brogan · Mar 14, 2022

Every registered account is a member.

You can set the permissions up as you wish but I have posted links to how XF has designed the system to be used.

Mr Lucky · Mar 14, 2022

Will Franco said:
A good example of this would be a NEVER permission in the Registered user group.

But why have a never permission assigned to the primary registered group. Obviously you can do what you want, but the usergroup system in xenforo works with all users having registered as primary. If you do something else it just makes things complicated.

Not saying you can't do it, but I like things easy.

Will Franco · Mar 14, 2022

@Mr Lucky Easy is relative. Our use case is non-standard.

To know the best method, a comparison needs to be made based on the requirements of the forum. For starters, I mark most nodes as private and then grant permission at the node. This makes it very easy for me to understand who can access the node (and reduces the chance of error). In the example below, Registered can't view threads by others. Premium can view threads by others. I don't have to worry about the Admin usergroup because it gets a Yes at all nodes and remains unaffected by changes in the other usergroups.

Is it ass backward? Yes. Is there a better way? Probably.

I curious as to how another person would approach the situation (and happy to pay to get that feedback).

Mr Lucky · Mar 14, 2022

Will Franco said:
For starters, I mark most nodes as private and then grant permission at the node.

Me too on one of my forums.

Will Franco said:
Is it ass backward, Yes.

Yes, for xenForo.

Will Franco said:
Is there a better way? Probably.

Yes.

But it is your choice to do it how you want and there is no obligation to follow “best practices” as requested in the thread.

Will Franco · Mar 14, 2022

Example:

Admin Access to nodes

Registered cannot view content NO
Premium can view content YES

Method 1: Standard

Admin is in Registered. I need to give Admin a YES also.

Method 2: Alternative

Admin is in Admin. I don't have to worry about cancelling NO's in the Registered usergroup.

In other words, in the standard set up I need to factor in a potential NO in the registered user group. In the alternative approach, the Admin usergroup is isolated. I don't have to worry about any NO's in the registered usergroup.

How would you approach this situation?

Brogan · Mar 14, 2022

If administrators have access to the premium nodes then they should be in the premium user group.

Remember that administrators have enhanced permissions for the ACP.

They are not necessarily moderators and shouldn't automatically have all permissions in the forum.

Will Franco · Mar 15, 2022

Brogan said:
If administrators have access to the premium nodes then they should be in the premium user group.

That makes sense.

How do I prevent an admin from having multiple user banners?

Will Franco · Mar 28, 2022

@Brogan

How do I get staff to have only the staff banner, and users to have all banners (stacked)? If I can do that, I can fix the admin usergroup.

Kirby · Mar 28, 2022

Will Franco said:
For starters, I mark most nodes as private and then grant permission at the node. This makes it very easy for me to understand who can access the node (and reduces the chance of error).

[...]

I curious as to how another person would approach the situation (and happy to pay to get that feedback).

Seems over-complicated to me, less permissions is usually better and less error-prone.

If you usually do not want Registered to view threads by others but allow that for Premium I would configure exactly that in the usergroups, eg.

Registered: View threads by others = No
Premium: View threads by others = Yes

This way you don't have to touch node permissions at all (except for nodes that have different requirements) and it becomes very clear which nodes have special permissions.

If you instead setup permissions for each (top-level) node every node looks like it has special permissions (because it has).

Will Franco · Mar 29, 2022

Thanks for the feedback; it's invaluable to see another person's way of doing things.

Right now, I mark EVERYTHING private and do permission at the node-level for the following user groups:

Unregistered / Unconfirmed
Registered
Product A, B, C
Premium
TAP 1, 2, 3 and/or ALL

Every node corresponds to a user group. A user can either view / not view a node. It's a brain juice drainer but it's the best way I've been able to figure out so far.

Nodes

Your Products (user group)
- Product A (user group)
- Product B (user group)
- Product C (user group)
Paid Products (user group)
- Product A (link forum)
- Product B (link forum)
- Product C (link forum)
Free for All (user group)
Premium Area (user group)
Premium Content (user group)
TAP (user group) ({chort} {date}]
- Module 1 (user group)
- Module 2 (user group)
- Module 3 (user group)
- Module 4 (user group)
- Module 5 (user group)
- Module 6 (user group)

--

Topview: https://community.vrmb.com/

Thoughts?

Will Franco · Mar 30, 2022

In the above setup, registered is the base permissions. The additional user groups unlock / lock the corresponding node. For example, Premium user group > Premium Area nodee and Premium Content node.

I'm all ears on a better way of doing things. Not sure if the below makes things simpler?

Registered: View threads by others = No
Premium: View threads by others = Yes

Kinda feels like it would complicate the situation.

User Group Best Practices

Will Franco

Active member

Brogan

XenForo moderator

User groups and permissions - XenForo 2 Manual

Implementing permissions across multiple user groups

Will Franco

Active member

User groups and permissions - XenForo 2 Manual

Implementing permissions across multiple user groups

Brogan

XenForo moderator

Mr Lucky

Well-known member

Will Franco

Active member

Mr Lucky

Well-known member

Will Franco

Active member

Brogan

XenForo moderator

Will Franco

Active member

Will Franco

Active member

Kirby

Well-known member

Will Franco

Active member

Will Franco

Active member

Similar threads

We value your privacy