• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What's the Difference Between Permission Types?

Mr_Bob

Well-known member
#1
Hey all,
I started running XF on a test site with an imported copy of my 3.8 database. After the import, there were a few annoyances with forum permissions, notably when I select "Inherit" which to me means "defualt to parent" and if that were inherit "default based on usergroup permissions" there were instances where I could not post until I checked "allow" specifically.

So, can anyone explain the difference between Inherit, allow, revoke, and deny (revoke and deny seem to be the same thing for example).

What's the Difference Between Permission Types?
 

Jake Bunce

XenForo moderator
Staff member
#2
Inherit = not explicitly set, will inherit from higher permission sets
Allow = like a Yes in vB
Revoke = like a No in vB
Deny = overriding No, user won't have this permission even if there is an Allow elsewhere

edit - actually I found out that Revoke isn't quite like a No in vB. In the Node Permissions an explicit Revoke will override an inherited Allow which is different than vB. Only an explicit Allow can override an Revoke.

edit - added guide:

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/
 

Jethro

Well-known member
#4
Anyone know how inherit explicitly works? What's it inheriting from, forum from Category for example? Need to get this right before embarking on a few more installs tomorrow ..
 

Jake Bunce

XenForo moderator
Staff member
#5
Anyone know how inherit explicitly works? What's it inheriting from, forum from Category for example? Need to get this right before embarking on a few more installs tomorrow ..
Based on my understanding of the current system...

These are the levels of permissions:

Admin CP -> Users -> Permissions

The User Group Permissions define the base permissions. Then the User Permissions are an optional set of permissions that can be defined for individual users. These two sets merge together to form the base permissions for a user. There isn't inheritance at this level which is why the word "Default" is used instead of "Inherit." I think "Not Set" might be more appropriate.

Then you have the Node Permissions. These permissions are inherited from the previous two sets. In addition, node permissions of a parent node are inherited by child nodes. You can set node permissions per group and per user, and these two sets of permissions merge together to determine a user's final permissions per node.

I have experimented with the permissions and I am pretty sure I got this right.

edit - added guide:

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/
 

Mr_Bob

Well-known member
#6
Thanks for the info Jake, that really makes things much clearer :).

One more question, what exactly defines the "default" group permission? There's allow, deny, and default, and I'm not exactly how default is defined. It also seems like admins / mods are handled very differently. The administrator group, for example, is given no moderation rights in the usergroup, and they need to be specified as a moderator and administrator, or have information changed in the administrator usergroup.

OK, maybe one more question :D. Why add an administrator as a secondary usegroup, rather than having the administrator in the admin group? Is there anything special that comes of it?
 

Jake Bunce

XenForo moderator
Staff member
#7
One more question, what exactly defines the "default" group permission? There's allow, deny, and default, and I'm not exactly how default is defined.
I think of it as "Not Set." It results in a No if no other permission sets have an Allow there.

It also seems like admins / mods are handled very differently. The administrator group, for example, is given no moderation rights in the usergroup, and they need to be specified as a moderator and administrator, or have information changed in the administrator usergroup.
Moderator permissions can be granted at the group level or user level. Admin permissions can only be granted at the user level.

OK, maybe one more question :D. Why add an administrator as a secondary usegroup, rather than having the administrator in the admin group? Is there anything special that comes of it?
You can use the admin group as a primary group. It doesn't seem to make a difference in terms of permissions. I experimented with this recently.