(the difference between disallow and deny in permissions) |
|||
| Line 1: | Line 1: | ||
SMF normally uses an "inclusive" permissions system. | SMF normally uses an "inclusive" permissions system. What that generally means is that any user has ALL permissions granted by ANY group that user belongs to. If any membergroup that a user belongs to has a permission ALLOWED, then that user will be allowed that permission, regardless of any group that is set to DISALLOW | ||
What that generally means is that any user has ALL permissions granted by ANY group that user belongs to. | |||
If any membergroup that a user belongs to has a permission ALLOWED, then that user will be | |||
example:<br> | |||
Group 1 has ALLOW set for Post new topics, without requiring approval<br> | |||
Group 2 has DISALLOW set for that same option.<br> | |||
--- If a user belongs to both Group 1 and Group 2, then the user is ALLOWED to post new topics, without requiring approval. | --- If a user belongs to both Group 1 and Group 2, then the user is ALLOWED to post new topics, without requiring approval. | ||
The addition of the DENY option changes this. DENY is an "exclusive" permission. If any membergroup that a user belongs to has a permission DENIED, then that user will be denied that permission, regardless of any group that is set to ALLOW. | The addition of the DENY option changes this. DENY is an "exclusive" permission. If any membergroup that a user belongs to has a permission DENIED, then that user will be denied that permission, regardless of any group that is set to ALLOW. | ||
example:<br> | |||
Group 1 has ALLOW set for Post new topics, without requiring approval | Group 1 has ALLOW set for Post new topics, without requiring approval<br> | ||
Group 2 has DENY set for that same option. | Group 2 has DENY set for that same option.<br> | ||
--- If a user belongs to both Group 1 and Group 2, then the user is DENIED the right to post new topics, without requiring approval. | --- If a user belongs to both Group 1 and Group 2, then the user is DENIED the right to post new topics, without requiring approval. | ||
| Line 22: | Line 16: | ||
Note: This can become complicated to track when a DENY is set in more than one group and users belong to more than on of those groups. Be careful and frugal with the use of the DENY permission setting. | Note: This can become complicated to track when a DENY is set in more than one group and users belong to more than on of those groups. Be careful and frugal with the use of the DENY permission setting. | ||
[[Category:FAQ]] | |||
Revision as of 20:26, 11 April 2011
SMF normally uses an "inclusive" permissions system. What that generally means is that any user has ALL permissions granted by ANY group that user belongs to. If any membergroup that a user belongs to has a permission ALLOWED, then that user will be allowed that permission, regardless of any group that is set to DISALLOW
example:
Group 1 has ALLOW set for Post new topics, without requiring approval
Group 2 has DISALLOW set for that same option.
--- If a user belongs to both Group 1 and Group 2, then the user is ALLOWED to post new topics, without requiring approval.
The addition of the DENY option changes this. DENY is an "exclusive" permission. If any membergroup that a user belongs to has a permission DENIED, then that user will be denied that permission, regardless of any group that is set to ALLOW.
example:
Group 1 has ALLOW set for Post new topics, without requiring approval
Group 2 has DENY set for that same option.
--- If a user belongs to both Group 1 and Group 2, then the user is DENIED the right to post new topics, without requiring approval.
Many admins will use the DENY setting in a post-count-based group to prevent new users (aka potential spammers) from making changes to their profiles or from making posts without approval.
Note: This can become complicated to track when a DENY is set in more than one group and users belong to more than on of those groups. Be careful and frugal with the use of the DENY permission setting.
