Disallow and Deny - What's the difference when it comes down to permissions: Difference between revisions From Online Manual

Jump to: navigation, search
(Is this really friendly enough for the BFG?)
(wikification. repetition. inclusive = additive.)
Line 1: Line 1:
SMF normally uses an "inclusive" permissions system. What this generally means is that any user has '''all''' permissions granted by '''any''' group that a user belongs to. If any membergroup that a user belongs to has a permission '''allowed''', then that user will be allowed that permission, regardless of any group that is set to '''disallow'''.
SMF normally uses an "inclusive" permissions system. In other words, permissions are normally "additive". Normally user has '''all''' permissions granted by '''any''' group that a user belongs to. If any membergroup that a user belongs to has a permission '''allowed''', then that user will be allowed that permission, regardless of any group that is set to '''disallow'''.


example:<br>
example:
Group 1 has '''allow''' set for post new topics, without requiring approval<br>
*Group 1 has '''allow''' set for post new topics, without requiring approval
Group 2 has '''disallow''' set for that same option.<br>
*Group 2 has '''disallow''' set for that same option.
--- If a user belongs to both Group 1 and Group 2, then the user is '''allowed''' to post new topics, without requiring approval.
*--- If a user belongs to both Group 1 and Group 2, then the user is '''allowed''' to post new topics, without requiring approval.


The addition of the '''deny''' option changes this. '''Deny''' is an "exclusive" permission. If any membergroup that a user belongs to has a permission '''denied''', then that user will be denied that permission, regardless of any group that is set to '''allow'''.
"Deny" changes everything. '''Deny''' is an "exclusive" permission. If any membergroup that a user belongs to has a permission '''denied''', then that user will be denied that permission, regardless of any group that is set to '''allow'''.


example:<br>
example:
Group 1 has '''allow''' set for post new topics, without requiring approval<br>
* Group 1 has '''allow''' set for post new topics, without requiring approval
Group 2 has '''deny''' set for that same option.<br>
* Group 2 has '''deny''' set for that same option.
--- If a user belongs to both Group 1 and Group 2, then the user is '''denied''' the right to post new topics, without requiring approval.
* --- If a user belongs to both Group 1 and Group 2, then the user is '''denied''' the right to post new topics, without requiring approval.


Many administrators will use the '''deny''' setting in a post count based group to prevent new users from making changes to their profiles, or from making posts without approval.
Many administrators will use the '''deny''' setting in a post count based group to prevent new users from making changes to their profiles, or from making posts without approval.


Note: This can become complicated to track when a '''deny''' permission is set in more than one group, and users belong to more than one of those groups. Be careful and frugal with the use of the '''deny''' permission setting.
Note: This can become complicated to track when a '''deny''' permission is set in more than one group, and users belong to more than one of those groups. Be careful and frugal with the use of the '''deny''' permission setting. They are easy to lose track of.


[[Category:FAQ]][[Category:BFG]]
[[Category:FAQ]][[Category:BFG]]

Revision as of 16:24, 10 January 2014

SMF normally uses an "inclusive" permissions system. In other words, permissions are normally "additive". Normally user has all permissions granted by any group that a user belongs to. If any membergroup that a user belongs to has a permission allowed, then that user will be allowed that permission, regardless of any group that is set to disallow.

example:

  • Group 1 has allow set for post new topics, without requiring approval
  • Group 2 has disallow set for that same option.
  • --- If a user belongs to both Group 1 and Group 2, then the user is allowed to post new topics, without requiring approval.

"Deny" changes everything. Deny is an "exclusive" permission. If any membergroup that a user belongs to has a permission denied, then that user will be denied that permission, regardless of any group that is set to allow.

example:

  • Group 1 has allow set for post new topics, without requiring approval
  • Group 2 has deny set for that same option.
  • --- If a user belongs to both Group 1 and Group 2, then the user is denied the right to post new topics, without requiring approval.

Many administrators will use the deny setting in a post count based group to prevent new users from making changes to their profiles, or from making posts without approval.

Note: This can become complicated to track when a deny permission is set in more than one group, and users belong to more than one of those groups. Be careful and frugal with the use of the deny permission setting. They are easy to lose track of.

Retrieved from "https://wiki.simplemachines.org/w/index.php?title=Disallow_and_Deny_-_What%27s_the_difference_when_it_comes_down_to_permissions&oldid=23147"


Advertisement: