If this is possible and I’m looking in the wrong spot please forgive me.
Would love to see the ability to choose Group X can’t see/reply/etc when creating a new category.
We have two groups of members: “Store Owners” and “Service Providers”, and have a category called “Only Visible to Store Owners” where the Store Owners can chat candidly about vendors without worry of them dropping in.
The problem is that occasionally a store owner will also be a service provider as well. Because they belong to both groups they’ll see the category that is suppose to be just for Store Owners.
It’d be great to let members of the group “Store Owner” see the category but ONLY if thy were not also a member of the “Service Provider” category.
Category security permissions can only be used to grant a group access to a category. The default setting for a category is to grant the group ‘everyone’ the ability to create, reply, and see the category.
It’s not possible to create a permission that denies a group access to a category. For your case this means that you can’t create a permission that would say that the group ‘Service Providers’ can not see the ‘Only Visible to Store Owners’ category.
To accomplish what you are trying to do with the category, you would need to create a new group for store owners who are not service providers, and then give that group access to the category that you are trying to hide from service providers.
While we could theoretically do this it’d be pretty impractical for a number of reasons. Adding the “can’t see” logic to category permissions would be much simpler which is why I was adding it as a feature request.
Understand it may not be useful to others or make sense to prioritize but wanted to toss it out there as something that’d be useful to me at least if implemented.
Are there any specific reasons why this is so or why it can’t be changed?
I can see several use cases for the proposed “can’t see” setting. They basically amount to simplicity and security: the more groups you have (and the more people can control membership of those groups), the more difficult ot becomes to keep track of who has access to what. If there are certain categories to which certain people should absolutely not have access, the simplest and safest solution is to put those people into a group and exclude them from the respective categories via the “can’t see” settings.
Simpler for your use case (because it negates the need to manage user groups in more detail) but vastly more complicated for anyone else implementing permissions. There’s a good reason that Discourse takes the ‘deny by default’ approach and doesn’t insist on ordering rules - because lots of products in the past have attempted this, and their support forums are littered with examples of users having problems.
Your best solution would be to insert an IdM into the equation and manage your groups properly.