1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What's the Difference Between Permission Types?

Discussion in 'XenForo Questions and Support' started by Mr_Bob, Oct 6, 2010.

  1. Mr_Bob

    Mr_Bob Well-Known Member

    Hey all,
    I started running XF on a test site with an imported copy of my 3.8 database. After the import, there were a few annoyances with forum permissions, notably when I select "Inherit" which to me means "defualt to parent" and if that were inherit "default based on usergroup permissions" there were instances where I could not post until I checked "allow" specifically.

    So, can anyone explain the difference between Inherit, allow, revoke, and deny (revoke and deny seem to be the same thing for example).

    What's the Difference Between Permission Types?
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Inherit = not explicitly set, will inherit from higher permission sets
    Allow = like a Yes in vB
    Revoke = like a No in vB
    Deny = overriding No, user won't have this permission even if there is an Allow elsewhere

    edit - actually I found out that Revoke isn't quite like a No in vB. In the Node Permissions an explicit Revoke will override an inherited Allow which is different than vB. Only an explicit Allow can override an Revoke.

    edit - added guide:

    iaresee and Jethro like this.
  3. jonsidneyb

    jonsidneyb Well-Known Member

    That sounds similar to SMF
    cheeseshredder likes this.
  4. Jethro

    Jethro Well-Known Member

    Anyone know how inherit explicitly works? What's it inheriting from, forum from Category for example? Need to get this right before embarking on a few more installs tomorrow ..
  5. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Based on my understanding of the current system...

    These are the levels of permissions:

    Admin CP -> Users -> Permissions

    The User Group Permissions define the base permissions. Then the User Permissions are an optional set of permissions that can be defined for individual users. These two sets merge together to form the base permissions for a user. There isn't inheritance at this level which is why the word "Default" is used instead of "Inherit." I think "Not Set" might be more appropriate.

    Then you have the Node Permissions. These permissions are inherited from the previous two sets. In addition, node permissions of a parent node are inherited by child nodes. You can set node permissions per group and per user, and these two sets of permissions merge together to determine a user's final permissions per node.

    I have experimented with the permissions and I am pretty sure I got this right.

    edit - added guide:

  6. Mr_Bob

    Mr_Bob Well-Known Member

    Thanks for the info Jake, that really makes things much clearer :).

    One more question, what exactly defines the "default" group permission? There's allow, deny, and default, and I'm not exactly how default is defined. It also seems like admins / mods are handled very differently. The administrator group, for example, is given no moderation rights in the usergroup, and they need to be specified as a moderator and administrator, or have information changed in the administrator usergroup.

    OK, maybe one more question :D. Why add an administrator as a secondary usegroup, rather than having the administrator in the admin group? Is there anything special that comes of it?
  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I think of it as "Not Set." It results in a No if no other permission sets have an Allow there.

    Moderator permissions can be granted at the group level or user level. Admin permissions can only be granted at the user level.

    You can use the admin group as a primary group. It doesn't seem to make a difference in terms of permissions. I experimented with this recently.
    TWTCommish and Mr_Bob like this.

Share This Page