Disallow and Deny - What's the difference when it comes down to permissions: Difference between revisions

Latest revision as of 11:29, 9 October 2016

SMF uses an "inclusive" permissions system. This means that the permissions are normally "additive". If a member belongs to two membergroups, and at least one of them is allowed to do something, then that member will be allowed to do that, even if the other membergroup is not allowed to do that thing.

Inclusive Permissions

Here is an example of inclusive permissions:

The "Official Announcements" board permission profile is used on the "Club Announcements" board.
In this permission profile, membergroup "Club Officers" is allowed to post new topics without approval, but the membergroup "Club Members" is not allowed to post topics without approval.
Therefore, if a member belongs to both "Club Members" and "Club Officers", then the member is allowed to post new topics on the "Club Announcements" board without approval.

The Deny Permission

The Deny permission was added in SMF 2.0 to overrule a permission allowed by membership in another membergroup. If a member belongs to a membergroup that has Deny chosen for a permission, then that member will not have that permission, even if that member belongs to another membergroup that has Allow chosen for that permission.

For example:

The "Default" board permission profile is used on the "Club Chit-Chat" board.
In this permission profile, membergroup "Club Members" has the permission Allow to post new topics without approval, but post-based membergroup "New Member" has the permission Deny to post new topics without approval.
Therefore, every user in the membergroup "New Member" will always need approval on posts in the "Club Chit-Chat" board, even if they are also in the membergroup "Club Members".

Enabling the Option to Deny Permissions

To enable Deny permissions, go to Permissions Settings and check the box for Enable the option to deny permissions. Deny permissions can be difficult to keep track of. Use them sparingly to avoid confusing problems when members belong to more than one membergroup. The Deny permission is not available for the Guest pseudo-membergroup because guests never belong to any other membergroup.

@@ Line 1: / Line 1: @@
-SMF normally uses an "inclusive" permissions system. What that generally means is that any user has ALL permissions granted by ANY group that user belongs to. If any membergroup that a user belongs to has a permission ALLOWED, then that user will be allowed that permission, regardless of any group that is set to DISALLOW
+SMF uses an "inclusive" permissions system. This means that the permissions are normally "additive". If a member belongs to two membergroups, and at least one of them is allowed to do something, then that member will be allowed to do that, even if the other membergroup is not allowed to do that thing.
-example:<br>
+==Inclusive Permissions==
-Group 1 has ALLOW set for Post new topics, without requiring approval<br>
-Group 2 has DISALLOW set for that same option.<br>
---- If a user belongs to both Group 1 and Group 2, then the user is ALLOWED to post new topics, without requiring approval.
-The addition of the DENY option changes this. DENY is an "exclusive" permission. If any membergroup that a user belongs to has a permission DENIED, then that user will be denied that permission, regardless of any group that is set to ALLOW.
+Here is an example of inclusive permissions:
-example:<br>
+* The "Official Announcements" board permission profile is used on the "Club Announcements" board.
-Group 1 has ALLOW set for Post new topics, without requiring approval<br>
+* In this permission profile, membergroup "Club Officers" is allowed to post new topics without approval, but the membergroup "Club Members" is not allowed to post topics without approval.
-Group 2 has DENY set for that same option.<br>
+* Therefore, if a member belongs to both "Club Members" and "Club Officers", then the member is <em>allowed</em> to post new topics on the "Club Announcements" board without approval.
---- If a user belongs to both Group 1 and Group 2, then the user is DENIED the right to post new topics, without requiring approval.
-Many admins will use the DENY setting in a post-count-based group to prevent new users (aka potential spammers) from making changes to their profiles or from making posts without approval.
+==The ''Deny'' Permission==
-Note: This can become complicated to track when a DENY is set in more than one group and users belong to more than on of those groups. Be careful and frugal with the use of the DENY permission setting.
+The ''Deny'' permission was added in SMF 2.0 to overrule a permission allowed by membership in another membergroup. If a member belongs to a membergroup that has ''Deny'' chosen for a permission, then that member will not have that permission, even if that member belongs to another membergroup that has ''Allow'' chosen for that permission.
+For example:
+* The "Default" board permission profile is used on the "Club Chit-Chat" board.
+* In this permission profile, membergroup "Club Members" has the permission <em>Allow</em> to post new topics without approval, but post-based membergroup "New Member" has the permission <em>Deny</em> to post new topics without approval.
+* Therefore, every user in the membergroup "New Member" will always need approval on posts in the "Club Chit-Chat" board, even if they are also in the membergroup "Club Members".
+===Enabling the Option to Deny Permissions===
+To enable ''Deny'' permissions, go to  [[{{Latest docs}}Permissions#Settings|Permissions Settings]] and check the box for ''Enable the option to deny permissions''.  ''Deny'' permissions can be difficult to keep track of. Use them sparingly to avoid confusing problems when members belong to more than one membergroup. The Deny permission is not available for the ''Guest'' pseudo-membergroup because guests never belong to any other membergroup.
 [[Category:FAQ]]
+[[Category:Permissions]]

Navigation

Search

Tools