What's the Difference Between Permission Types?

Mr_Bob

Mr_Bob

Well-known member
Hey all,
I started running XF on a test site with an imported copy of my 3.8 database. After the import, there were a few annoyances with forum permissions, notably when I select "Inherit" which to me means "defualt to parent" and if that were inherit "default based on usergroup permissions" there were instances where I could not post until I checked "allow" specifically.

So, can anyone explain the difference between Inherit, allow, revoke, and deny (revoke and deny seem to be the same thing for example).

What's the Difference Between Permission Types?
 
Sort by date Sort by votes
Inherit = not explicitly set, will inherit from higher permission sets
Allow = like a Yes in vB
Revoke = like a No in vB
Deny = overriding No, user won't have this permission even if there is an Allow elsewhere

edit - actually I found out that Revoke isn't quite like a No in vB. In the Node Permissions an explicit Revoke will override an inherited Allow which is different than vB. Only an explicit Allow can override an Revoke.

edit - added guide:

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/
 
Upvote 0 Downvote
Anyone know how inherit explicitly works? What's it inheriting from, forum from Category for example? Need to get this right before embarking on a few more installs tomorrow ..
 
Upvote 0 Downvote
Jethro said:
Anyone know how inherit explicitly works? What's it inheriting from, forum from Category for example? Need to get this right before embarking on a few more installs tomorrow ..
Click to expand...

Based on my understanding of the current system...

These are the levels of permissions:

Admin CP -> Users -> Permissions

The User Group Permissions define the base permissions. Then the User Permissions are an optional set of permissions that can be defined for individual users. These two sets merge together to form the base permissions for a user. There isn't inheritance at this level which is why the word "Default" is used instead of "Inherit." I think "Not Set" might be more appropriate.

Then you have the Node Permissions. These permissions are inherited from the previous two sets. In addition, node permissions of a parent node are inherited by child nodes. You can set node permissions per group and per user, and these two sets of permissions merge together to determine a user's final permissions per node.

I have experimented with the permissions and I am pretty sure I got this right.

edit - added guide:

http://xenforo.com/community/threads/1-0-0-b1-understanding-permissions.5830/
 
Upvote 0 Downvote
Thanks for the info Jake, that really makes things much clearer :).

One more question, what exactly defines the "default" group permission? There's allow, deny, and default, and I'm not exactly how default is defined. It also seems like admins / mods are handled very differently. The administrator group, for example, is given no moderation rights in the usergroup, and they need to be specified as a moderator and administrator, or have information changed in the administrator usergroup.

OK, maybe one more question :D. Why add an administrator as a secondary usegroup, rather than having the administrator in the admin group? Is there anything special that comes of it?
 
Upvote 0 Downvote
Mr_Bob said:
One more question, what exactly defines the "default" group permission? There's allow, deny, and default, and I'm not exactly how default is defined.
Click to expand...

I think of it as "Not Set." It results in a No if no other permission sets have an Allow there.

Mr_Bob said:
It also seems like admins / mods are handled very differently. The administrator group, for example, is given no moderation rights in the usergroup, and they need to be specified as a moderator and administrator, or have information changed in the administrator usergroup.
Click to expand...

Moderator permissions can be granted at the group level or user level. Admin permissions can only be granted at the user level.

Mr_Bob said:
OK, maybe one more question :D. Why add an administrator as a secondary usegroup, rather than having the administrator in the admin group? Is there anything special that comes of it?
Click to expand...

You can use the admin group as a primary group. It doesn't seem to make a difference in terms of permissions. I experimented with this recently.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

securedme
  • Question Question
XF 2.2 What's the difference between two options for Thumbnail Attachment Quality?
Replies
1
Views
235
beerForo
beerForo
Will Franco
  • Question Question
RM 2.2 [Resources ] What's the difference between Post a new version vs Post an update?
Replies
8
Views
23K
Andy.N
A
GW2
  • Solved
XF 2.2 What is the difference between member types?
Replies
3
Views
463
Ozzy47
Ozzy47
Earl
  • Solved
XF 2.2 "+" sign in route matching syntax meaning? :+int vs :int what's the difference?
Replies
1
Views
415
Mike
Mike
gogo
  • Question Question
XF 2.1 What's the difference between 2 Preview buttons in post thread template?
Replies
1
Views
372
Paul B
Paul B
Top Bottom