Disallow and Deny - What's the difference when it comes down to permissions: Difference between revisions From Online Manual

Jump to: navigation, search
(how to turn on deny permission.)
(attempt to make the explanation simpler to understand)
Line 1: Line 1:
SMF normally uses an "inclusive" permissions system. This means that permissions are normally "additive". Normally, a member has '''all''' permissions granted by '''any''' membergroup that a member belongs to. If any membergroup that a member belongs to has a permission '''allowed''', then that member will be allowed that permission, regardless of any group that is set to '''disallow'''.
SMF uses an "inclusive" permissions system. This means that are normally "additive". If a member belongs to two membergroups, and at least one of them is allowed to do something, then that member will be allowed to do that, even if the other membergroup is not allowed to do that thing.


example:
Example:
*Group 1 has '''allow''' set for post new topics, without requiring approval
* The "Official Announcements" board permission profile is used on the the "Club Announcements" board.
*Group 2 has '''disallow''' set for that same option.
* In this permission profile, membergroup "Club Officers" is allowed to post new topics without approval
*--- If a member belongs to both Group 1 and Group 2, then the member is '''allowed''' to post new topics, without requiring approval.
* While "Club Members" is not allowed to post topics without approval
* therefore, if a member belongs to both "Club Members" and "Club Officers", then the member is '''allowed''' to post new topics without approval.


"Deny" changes everything. '''Deny''' is an "exclusive" permission. If any membergroup that a member belongs to has a permission '''denied''', then that member will be denied that permission, regardless of any group that is set to '''allow'''.
'''Deny''' permission was added in SMF 2.0 to over-rule allowed permission. If a member belongs to a membergroup that has '''Deny''' chosen for a permission, then that member will not have that permission, even if that member belongs to a membergroup that has '''Allow''' chosen for that permission.


example:
Example:
* Group 1 has '''allow''' set for post new topics, without requiring approval
* The "default" board permission profile is use on the "Club Chit-Chat" board.
* Group 2 has '''deny''' set for that same option.
* In this permission profile, membergroup "Club Members" has permission "allow" to post new topics, without approval required
* --- If a member belongs to both Group 1 and Group 2, then the member is '''denied''' the right to post new topics, without requiring approval.
* But post-based membergroup "new member" has permission '''deny''' to post new topics, without approval required
 
* Therefore, every "new member" will always need approval on posts, even if they are also in "Club Members"
Many administrators will use the '''deny''' setting in a post count based group to prevent new members from making changes to their profiles, or from making posts without approval.
 
It can become complicated to track when a '''deny''' permission is set in more than one group, and members belong to more than one of those groups. Be careful and frugal with the use of the '''deny''' permission setting. They are easy to lose track of.  To enable '''deny''' permission, go to  [[{{Latest docs}}Permissions#Settings|Permissions Settings]] and check the box for '''Enable the option to deny permissions''.  Deny permissions is not enabled for the '''Guest''' membergroup, as guest never belongs to any other membergroup.


To enable deny permission, go to  [[{{Latest docs}}Permissions#Settings|Permissions Settings]] and check the box for '''Enable the option to deny permissions'''.  '''Deny''' permissions can be difficult to keep track of.  Use them sparingly to avoid confusing problems when members belong to more than one membergroup.  Deny permissions is not available for the '''Guest''' pseudo-membergroup, as guest never belongs to any other membergroup.
[[Category:FAQ]][[Category:BFG]]
[[Category:FAQ]][[Category:BFG]]

Revision as of 14:23, 29 April 2014

SMF uses an "inclusive" permissions system. This means that are normally "additive". If a member belongs to two membergroups, and at least one of them is allowed to do something, then that member will be allowed to do that, even if the other membergroup is not allowed to do that thing.

Example:

  • The "Official Announcements" board permission profile is used on the the "Club Announcements" board.
  • In this permission profile, membergroup "Club Officers" is allowed to post new topics without approval
  • While "Club Members" is not allowed to post topics without approval
  • therefore, if a member belongs to both "Club Members" and "Club Officers", then the member is allowed to post new topics without approval.

Deny permission was added in SMF 2.0 to over-rule allowed permission. If a member belongs to a membergroup that has Deny chosen for a permission, then that member will not have that permission, even if that member belongs to a membergroup that has Allow chosen for that permission.

Example:

  • The "default" board permission profile is use on the "Club Chit-Chat" board.
  • In this permission profile, membergroup "Club Members" has permission "allow" to post new topics, without approval required
  • But post-based membergroup "new member" has permission deny to post new topics, without approval required
  • Therefore, every "new member" will always need approval on posts, even if they are also in "Club Members"

To enable deny permission, go to Permissions Settings and check the box for Enable the option to deny permissions. Deny permissions can be difficult to keep track of. Use them sparingly to avoid confusing problems when members belong to more than one membergroup. Deny permissions is not available for the Guest pseudo-membergroup, as guest never belongs to any other membergroup.



Advertisement: