这三者有什么区别?
Leader (TL4) is the highest non-staff level one can have.
Moderator can do anything related to moderation of forum
Admin can tinker with more advanced forum settings.
In fact, admins can do everything.
If the admin #1 (creator of the forum) put “JohnDoe” as admin… can JohnDoe remove the admin’s role to user #1 ?
Good point. The answer is no, unless John Doe also has ssh access to the server because the creator admin has her email in the app.yml which makes it unremovable via the discourse UI.
And here is another privilege of the “creator admin”:
It is actually a good question - I thought I was clear on this but am realising I can’t define it and therefore not 100% sure
I am clear about Admin vs non-admin
… but are there any practical differences between Moderator and TL4?
If you want to grant extra rights to members of your community without giving them access to the settings and the member data of the site, should you make them a Moderator, or upgrade them to TL4 instead?
TL4 is only limited to moderation of posts made by them and others.
However, moderators can do much more. Including creation of categories, viewing stats, moving posts etc.
There is very less to distinct between both but I think that /admin route is only accessible to moderators and above. Also, moderation related notifications (flags & reports) are only sent to moderators not to TL4.
I think if you give this a read it should answer a lot of questions for you
The very high level answer is that TL4s can moderate content. Mods can moderate content and users.
TL4 has no visibility of flags etc.
谢谢你的回复。我在原则上已经了解了大部分内容,但直到真正投入实践后,才注意到其中存在的问题和不足之处。
遗憾的是,这并没有满足我的需求。我不确定是因为我遗漏了什么,还是说我需要在 Contribute > Feature 频道发帖讨论。
看起来“版主”(Moderators)是一种低级别的“管理员”。我理解这是为了让他们能够在最高层面上帮助管理内容(包括创建分类等),因此默认认为他们也需要一定的用户访问权限。
然而,在 GDPR(通用数据保护条例)实施后的今天,从数据安全和隐私的角度来看,这是一个重大问题。这意味着任何版主都可以访问社区的管理后台,查看用户页面,并从 SSO(单点登录)流程中下载包含姓名和电子邮件地址等个人信息的数据库。这是不可接受的。
因此,我们默认将我们的“公民版主”设置为 TL4 用户,他们仍然可以修改内容,但不能访问用户信息或进行结构性更改。这没问题。但这也意味着他们将永远看不到举报标志。虽然某些严重问题(如不当行为)可能需要管理员查看用户的历史记录,但对于Broken links(死链)、分类错误、垃圾信息等通知来说,情况并非如此。
难道只有我一个人觉得我们需要一个中间方案,既能广泛访问内容和举报标志,又能屏蔽所有用户数据的访问权限吗?
是否有其他方式可以实现这一目标?
Wait, what? As a moderator, I am not able to download the main database. I can view a user’s email address, which is then logged that I did it, but it is very much me visiting user after user after user. Can you elaborate on what you mean by “download the main database”?
if you go to the ‘user’ tab in Admin pages as a moderator, you still have access to the “export” feature. While I didn’t actually test it, I’m assuming (possibly incorrectly) that this is the same export report that I get as admin, and this includes email addresses and data in custom fields from SSO
EDIT: yes, I just re-tested it and downloaded the ‘user list’ with all the information I could want on the members while impersonating a user with ONLY moderator access, not admin level
SECOND EDIT: Looking at the logs, I also don’t see an entry for the user exporting the user list. I can see the log for my impersonation of the user, and the deletion of the PM with the export link, but no reference to the fact that the user list was exported
Oh, I see, that was not what I inferred from your original post. Now it makes sense. I’d actually be perfectly okay if that Export button wasn’t visible to Moderators, I personally never use it (as a moderator on a Discourse site). I’m not sure what moderators would be using that data for…
exactly! This would have to be hidden, and arguably we would need the option to hide custom fields in the admin version of user profiles too (as SSO carries through email).
In answer to your question, probably nothing good - and we might get into trouble with data authorities (I suspect) for not locking down access to private / personal information
@techapj just resolved the email part
I had missed that conversation - thanks
Still can’t see why the export button should be there - hopefully that will be removed too. Is this something I should cross-post there, do you think?
我认为移除它应该是一个单独的话题,也许可以在 Contribute > Feature 中提出,并列出一些要点来说明为什么 Moderators 不需要它。
基础版论坛最多可以有多少名版主?
对于托管在我们平台上的网站,我们的标准计划最多允许 5 名工作人员。工作人员是指任何担任管理员、版主或同时担任两者的用户。