I think this is worth discussing in a separate topic.
Most permissions in Discourse are group-based. A lot of site settings, the category permissions, and the tag groups’ visibility rely on this. So, it is very important that admins understand that when they add the trust_level_2 group, all users with TL3 are members of that group too.
Right now, you can find out by reading the group descriptions
or by looking at the user’s admin page, which lists all group memberships.
There is also an explanation below the personal message enabled groups setting:
Allow users in these groups to CREATE personal messages. IMPORTANT: 1) all users can REPLY to messages. 2) Admins and mods can CREATE messages to any user. 3) Trust level groups include higher levels; choose trust_level_1 to allow TL1, TL2, TL3, TL4 but not allow TL0. 4) Group interaction settings override this setting for messaging specific groups.
I haven’t found a documentation topic that explains it (but trust level documentation is also on the to-do list, so that could still come). Maybe the admin guide would be a good place to explain it.
While that works for site settings it doesn’t work for category permissions. Allowing for example tl1 to read and tl2 to read and reply should be possible.
Are there settings where adding more than one trust level group is a problem?
Yes, this is a fairly recent change we made to try to help educate about trust level groups.
I’m not suggesting a change to category permissions. I think that UI is clear enough and does allow giving permission by group. If you want to be able to do something weird like give TL0 create access but not give create access to TL1, then you can create additional groups.
We may want to add some explanatory text here with things to know about how admins, moderators, staff and trust levels work when setting up category security.
This will be great! When we have a new trust levels, documentation topic we can link to it from the interface for those seeking to learn more.
We used to do that, but removed it when we made some changes to the guide to try to make it easier and more helpful for first time site owners. There is a link to understanding trust levels, which I think is enough for now.
I still think that the best approach is to improve the interface, so that Admins do not shoot themselves in the foot or get overly confused. In most cases, people don’t need to make any changes at all to these _allowed_groups settings. We already prevent admins and moderators from being removed from settings where they always are allowed, and can now also prevent more than one trust level group from being added.
Why do you want to prevent that? Is it a problem to add more than one trust level group? I know that usually it’s not needed, but I like that I can add an additional, lower trust level to a setting, because then I can remove it later without having to remember which TL group was in there before.
I think it is way more important to understand the group concept for category permissions, because otherwise you could think that creating a category for the trust level 0 group will only be visible to new users. That is definitely a problem.
I’m suggesting we prevent more than one trust level group from being added in the settings because it’s redundant. It will cause confusion if people think they can add several and exclude others without knowing the implications. But I’m happy to hear arguments to not do it and I’m not saying I know exactly what we’re going to be doing here.
The main thing I am focused on with the _allowed_groups site settings is figuring out how to simplify the descriptions while remaining as clear as possible about what the settings do. It’s not uncommon for people to get confused such as here:
I haven’t thought so much recently about trust level groups and category security and I’m not aware of problems that people have reported, so thanks for raising that. We could display a warning when a trust level is used, and link to the documentation.
I’m using several overlapping groups (TL1, admin, staff) just because it makes me more comfortable, even though I know admins and staff are included in TL1. And I have a tendency to try different policies or tricks, and then for me it is easier to drop TL1 and still have admins and staff retain access.
Unnecessary? Definitely yes, but it gives me better nights’ sleep.
