Work in progress, expect frequent changes. |
Please see SMF1.1:Permissions, SMF2.0:Permissions or SMF2.1:Permissions depending on the version of SMF you are using.
Introduction
Permissions are a very powerful tool for managing your forum. It is advisable to only change one permission at a time and to test it prior to changing another one. The reason is because the permissions can often interact with each other in unexpected ways, resulting in untested changes having unintended consequences. If you need help beyond the information provided on this page, please feel free to investigate other support options, which are found on this page: https://support.simplemachines.org/.
There are 2 separate sets of permissions. While these permission sets do not overlap, they certainly can interact, depending on how they are used. All permissions are given to people, or website visitors, and managed using membergroups. But these two sets are allocated and utilized differently.
- The General Permissions are applied to membergroups. So for example, you can give those people who belong to certain groups the ability to do things which those in other groups can't. Permissions can be applied to custom membergroups just the same as the original membergroups.
- The Board Permissions are also applied to membergroups. But these permissions are managed using profiles, one of which is assigned to each board. So for example, you can allow people or membergroups to have certain pemissions on one board, but not on another. There are four profiles and you can create custom profiles as well.
In the Admin Center > Members > Permissions sub-menu, there are 5 tabs: General Permissions, Board Permissions, Edit Profiles, Post Moderation, and Settings.
General Permissions
As mentioned above, General Permissions apply to people in membergroups, whether they are the original membergroups or custom groups.
This page shows a table which lists of all membergroups, along with a few statistics. If you have not yet added any custom membergroups, you will see 5 membergroups: Guests, Regular Members, Administrators, Global Moderators, and Moderators. Use the question mark icon on the left to find a definition for each group.
On the right side of the table, beside each membergroup, is a checkbox and a Modify text link. The Modify link allows the administrator to change specific permissions individually. The checkbox allows the administrator to apply the advanced options, which is a way to edit the entire membergroup at once.
Modify
Use the Modify text link to the right of each membergroup name to individually set one or more permissions for the members of this group. The top half of the page offers settings for the General Permissions which are explained in detail below. Please see the page, Moderator for more information on how the Moderator membergroup works. These will help you understand and decide how to set permissions. (The bottom half of the page shows the Board Permissions, which are explained even further below. They are included here with General Permissions for convenience. But they also appear on Board Permissions page.)
Advanced Options
These options allow you to make changes to the whole membergroup at once, using pre-defined permission sets. These are simply sets of permissions which provide generalized types of abilities. To use them, first select one or more membergroups from the table above, by checking the box on the same line with the membergroup name. Then make your choices in the With selection box below the table.
- Apply pre-defined permission set - Choose one of the four options from the dropdown menu: Restrictive, Standard, Moderator, or Maintenance. The question mark button to the left of each option explains the generalized types of permissions which each option provides.
- Set permissions like this group - Choose which group has the permissions closest to what you want for this membergroup.
- (Select a permission) dropdown menu offers all the available permissions which you might want to customize. Make your choice or choices.
- Add permission dropdown menu offers add permission and clear permission. If you have configured the Deny Permissions option on Members > Permissions > Settings, you will also have the Deny permission option to choose from. Thus you can decide whether you want your chosen membergroup to have each permission, not have it, or have it denied. (See further below more information about Deny Permissions.)
When you have completed your selections, click the Set permissions button to finalize each membergroup's permissions.
List of General Permissions
General
- View forum statistics - Determines whether this group can view the collected statistics of an SMF forum that can be found using the More Stats button, in the Info Center
- View the memberlist - Determines whether this group can view the list of all registered members of an SMF forum.
- View Who's Online - Determines whether this group can view Who's Online section in the Info Center, assuming the option to display the section has been enabled.
- Search for posts and topics - Determines whether this group can use the Search feature, assuming the feature has been enabled. (If it has not been enabled, no Search button will be seen.)
Calendar
- View the calendar - Determines whether this group can view the calendar of an SMF forum. It can be found in the navigation bar.
- Create events in the calendar - Determines whether this group can create new events in the calendar.
- Edit events in the calendar - Determines whether this group can edit events in the calendar.
Note that the Calendar permissions will not appear if you have not enabled the Calendar feature for your forum.
Forum Administration
- Administrate forum and database - Determines whether this group can change database connection properties, edit server settings, and perform other administrative functions.
- Manage boards and categories - Determines whether this group can create, modify, and/or delete boards and categories.
- Manage attachments and avatars - Determines whether this group can manage and delete attachments on the forum.
- Manage smileys and message icons - Determines whether this group can change smiley sets, delete smileys, and change smiley options. This includes message icons.
- Edit news - Determines whether this group can edit the forum's news.
- Access the moderation center - Determines whether this group can see the Moderation center.
Member Administration
- Moderate forum members - Determines whether this group can perform moderation tasks, such as register users manually, track IP addresses, online status, etc.
- Manage and assign membergroups - Determines whether this group can create, manage, or delete membergroups.
- Manage permissions - Determines whether this group can manage member permissions.
- Manage ban list - Determines whether this group can ban other members and/or discontinue bans.
- Send a forum email to members - Determines whether this group can send an e-mail in bulk to all members or individual membergroups; this keeps the users from having to reveal their own e-mail addresses.
- Issue warnings to members - Determines whether this group can send warnings to other members of the forum.
Personal Messaging
- Read personal messages - Determines whether this group can view personal messages.
- Send personal messages - Determines whether this group can send personal messages to other members.
- Save drafts of personal messages - Determines whether this group can save drafts of personal messages, so they can finish or send them later.
Member Profiles
- View other members' profile summary and stats pages - Determines whether this group can view profile summaries and member stats.
- Allow Forum Profile edits - Determines whether this group can edit their profiles and/or other members' profiles.
- Edit additional profile settings - Determines whether this group can edit other profile settings for avatars, theme preferences, notifications and Personal Messages; for themselves and/or others.
- 'Edit signatures - Determines whether this group can edit the signature field in their profile and/or other members' profiles.
- Edit website - Determines whether this group can edit the website field in their profile and/or other members' profiles.
- Edit custom title - Determines whether this group can edit their custom title, in their profile and/or other members' profiles.
- Edit personal text - Determines whether this group can edit their custom text, in their profile and/or other members' profiles.
- Select an avatar from the server - Determines whether this group can select an avatar which is stored on the forum server.
- Upload an avatar to the server - Determines whether this group can upload an avatar to the forum's server.
- Choose a remotely stored avatar - Determines whether this group can choose an avatar from an external server. Because avatars might influence the page creation time negatively, it is possible to disallow certain membergroups to use avatars from external servers.
- Report users' profiles - Determines whether this group can report other members' profiles. Allowing this helps prevent spam in the forum.
Member Accounts
- Edit account settings - Determines whether this group can edit their own account's settings as well as the account settings of all members.
- Edit displayed name - Determines whether this group can edit the displayed name field in their profile and/or other members' profiles.
- Change password - Determines whether this group can change their password or secret question in their own profile, and/or in other members' profiles.
- Delete account - Determines whether this group can delete their account or other members' accounts.
- View warning status - Determines whether this group can view their own warning status and/or other members' warning status.
Mentions
- Mention others via @name - Determines whether this group can mention other members by their @name.
Board Permissions
Topics
The six topic approval permissions are only visible if the core feature Post Moderation has been enabled.
- Post new topics, without requiring approval - Determines whether users in this membergroup can post new topics without moderator or administrator approval.
- Post new topics, but hide until approved - Determines whether users in this member group can post new topics which are visible to moderators with the necessary permissions or administrators, but not other users.
- Post replies to topics, but hide until approved - Determines whether users in this membergroup can post replies which are visible to moderators with the necessary permissions or administrators, but not other users.
- Post replies to topics, without requiring approval - Determines whether users in this membergroup can post replies without moderator or administrator approval.
- Post attachments, but hide until approved - Determines whether users in this membergroup can post attachments which are visible to moderators with the necessary permissions or administrators, but not other users.
- Post attachments, without requiring approval - Determines whether users in this membergroup can post attachments without moderator or administrator approval.
- Post new topics - Determines whether users in this membergroup can post new topics.
- Merge any topic - Determines whether users in this membergroup can merge topics.
- Split any topic - Determines whether users in this membergroup can split topics.
- Send topics to friends - Determines whether users in this membergroup can send topics to their friends via email.
- Make topics sticky - Determines whether users in this membergroup can make some topics sticky topics.
- Move topic - Determines whether users in this membergroup can move their own topics, all topics, or no topics at all.
- Lock topics - Determines whether users in this membergroup can lock their own topics, all topics, or no topics at all.
- Remove topics - Determines whether users in this membergroup can remove their own topics, all topics, or no topics at all.
- Post replies to topics - Determines whether users in this membergroup can Post replies to their own topics, all topics, or no topics at all.
- Modify replies to own topics - Determines whether users in this membergroup can modify replies to their own topics.
- Delete replies to own topics - Determines whether users in this membergroup can delete replies to their own topics.
- Announce topic - Determines whether users in this membergroup can announce (send topic by email or private message) their topics.
Posts
- Delete posts - Determines whether users in this membergroup can delete their own posts, all posts, or no posts at all.
- Modify posts - Determines whether users in this membergroup can modify their own posts, all posts, or no posts at all.
- Report posts to the moderators - Determines whether users in this membergroup will be able to report posts to the forum moderators that receive forum notifications.
General
- Moderate board - Determines whether users in this membergroup can moderate the boards they have access to. With this permission users can reply to locked topics, change poll expiration time and view poll results.
- Approve items awaiting moderation - Determines whether users in this membergroup can approve topics, posts, or attachments which need to be approved. Post moderation must be enabled in Core Features for this to be displayed
Polls
- View polls - Determines whether users in this membergroup will be able to view polls.
- Vote in polls - Determines whether users in this membergroup will be able to vote in polls they can see.
- Post Polls - Determines whether users in this membergroup will be able to make their own polls.
- Add poll to topics - Determines whether users in this membergroup are allowed to add polls to existing topics. The forum admins can choose whether they must have posted the topic, or if they can add it to any Topic they can see.
- Edit polls - Determines whether users in this membergroup can edit their polls, any polls, or no polls at all. This permission allows a user to edit the polls options, reset the poll, edit the maximum number of votes, and edit the expiration time of the poll. In order to edit the maximum number of votes and the expiration time a user needs to have the 'Moderate board' permission.
- Lock polls - Determines whether users in this membergroup can lock their own polls, any polls, or no polls at all.
- Remove polls - Determines whether users in this membergroup can remove their own polls, any polls, or no polls at all.
Notifications
- Request notification on replies - Determines whether users in this membergroup will be able to request notification on replies to topics they select.
- Request notification on new topics - Determines whether users in this membergroup will be able to request notification when new topics get posted in a board.
Attachments
- View Attachments - Determines whether users in this membergroup can view attachments.
- Post Attachments - Determines whether users in this membergroup can post attachments on topics.
Board Permissions
On this page, every board is listed with its corresponding permission profile.
- Selecting the board name will bring you to the board's Modify Boards page in Admin > Forum > Boards.
- Selecting the name of the permission profile on the same line will bring you to the Edit Profiles page for this profile.
- Selecting [Edit All] will allow you to choose a new permission profile from drop-down lists for one or several different boards at once -- click on the "Save" button when you are done.
A more detailed section on this can be found at Board Permissions.
Edit Profiles
This page provides ways to create new permission profiles and edit, delete, or rename existing profiles.
Edit Profiles
All the existing permission profiles are listed along with the number of boards using each profile. To modify any existing profile, click on its name. You will then be taken to a page that lists the membergroups and the permissions they have been assigned in relation to this particular permission profile. To change the permissions of a membergroup within this permission profile, click on "Modify" next to the name of the membergroup.
New Profile
- Profile Name - In this box you can define the name of the new permission profile.
- Copy Permissions From - By selecting one of the existing profiles from this dropdown box, the permissions from this profile will be used for the newly created one.
Rename
You can rename permission profiles that you have created, but the four default permission profiles (Default, No Polls, Reply Only, and Read Only) cannot be renamed. When the Rename button is clicked, all the profiles you have created can be renamed, as long as they are not currently assigned to a board. After renaming a profile, make sure that you click on the Save Changes button.
Remove Selected
You can delete any permission profile that you have created. The four default permission profiles (Default, No Polls, Reply Only, and Read Only) cannot be removed. Select the checkbox on the same line as the profile you wish to remove, and then click the Remove Selected button. Note that you can only delete a permission profile if it is not currently assigned to a board.
Post Moderation
Post moderation must be enabled in Core Features for this page to be visible.
In this section admins can define the actions that require Post Moderation for each permission profile. This is a shortcut way of changing some of the permissions in the board permission profiles.
The administrator must first select a profile from the option list and select the go button. For each listed profile, there are four user actions for which post moderation permissions can be set. Each one corresponds to board permissions in the corresponding profile. For each of these user actions, three post moderation options are available.
- - Can Create. The members can perform the action without moderation.
- - Can Create but Requires Approval. The members can perform the action, but approval is required before becoming visible to all other members.
- - Cannot Create. The member cannot perform the action.
Post moderation cannot be used to set deny permissions even if deny is enabled. The 'cannot create' option in post moderation is only ever disallow.
Settings
- Membergroups allowed to manage permissions - Administrators can select which membergroups are allowed to manage permissions.
- Enable the option to deny permissions - Once enabled along with granting permissions it will be possible also to deny any permission. Denied permissions are not allowed even if the member belong to another membergroup for which the permission is granted.
- Enable permissions for post count based groups - Determines whether or not membergroups based on post count can be used to manage permissions.
About Permissions
Options
SMF's permissions are so powerful because they can be set for each individual permission to three options rather than just on or off.
- A - This option gives user current permission
- X - This option does not give the user current permission
- D - This option denies the user current permission
Things get really interesting when a user belongs to 2 or more membergroups with different options (A, X or D) for the same permission.
Member belongs to 2 membergroups
In this example a member belongs to only 2 different membergroups with different options for some permissions:
permissions | option from group A | option from group B | Result for permission | explanation |
---|---|---|---|---|
permission 1 | A | A | allowed | obviously |
permission 2 | A | X | allowed | A beats X |
permission 3 | A | D | not allowed | D beats A |
permission 4 | X | X | not allowed | obvious too |
permission 2 | X | D | not allowed | D beats X |
permission 3 | D | D | not allowed | is this obvious or what? |
In short: D beats A which beats X
Member belongs to 3 or more membergroups
- If you want a permission to be allowed, then you must have option A in at least one group and no D.
- If you want a permission to be disallowed, then you must have all options X, or
- If you want a permission to be disallowed, you must have option D in at least one group. It does not matter if other options are A or X.
You should not use D too much. Its a good idea to use special private membergroups just to Deny some permissions. If you don't want some members to use e.g. private messages, you can set up a private membergroup with a descriptive name like "no-pm" and for that membergroup, set the permissions for pm to D. Every member of that group is not allowed pm's regardless of the other groups they belong. If you change your mind about that setting you can find easily which membergroup restricts PMs and reset it.
Main
Configuration
Forum
- Boards and Categories
- Posts and Topics
- Calendar administration
- Search (admin)
- Smileys and Message Icons
- Attachments and Avatars
- Search engines
Members
Maintenance
Miscellaneous