I’ve had a fair long look at the forums and searched but the closest I could find for this was: https://meta.discourse.org/t/changing-group-permissions/19546
There was no comment after the initial post by @codinghorror about madness lying down that route. If someone does know of a similar thread I’ve listed, please point me at it and we can continue discussion over there.
In the interests of removing ambiguity I’m italicising Discourse terms (Moderators, Admin, Staff) etc. to distinguish from other use of those words.
I wondered whether there was any interest in altering the rigidity in permissions and abilities at the moment. I doubt my use case is unique particularly - I admin a forum for a specific game (SkySaga) and we have Community Moderators as well as staff (as in people who work on the game rather than Admin/Moderators in Discourse). I initially made the Community Moderators Moderators but then discovered that this role enabled them to do things that they ought not to do (see IPs, email addresses, ban users, etc.). I reassigned them to Trust Level 4 to ensure that they couldn’t accidentally or purposefully do anything more than they ought to do (which is pretty much purely post moderation) however TL4 means that they cannot do useful things like using a colour to signify that they are speaking “officially”, deleting individual posts, seeing flags, etc.
Perhaps category-specific moderation (which I understand is on the roadmap) will allow for some of these things, as it will reduce Moderator rights to a specific category as I understand it, and therefore may remove some of the more back-end, non-post-specific admin permissions?
I understand that fiddling with individual permissions can be tedious, but the ability to alter these at all out of the box would be really useful for me, and I’d be surprised if I’m alone (in fact I was surprised I could only find one other topic that looked similar!).
Is there anything to mediate this at all? I’m very surprised at how little attention has been paid to the personal information that these positions expose, especially considering I’m relying on volunteers to help run my community.
Plus, I can’t seem to hide other areas of the site that I’d like to, such as the Staff area – which, you might imagine, I would like to reserve for my staff.
Not having much security against bringing these people in is making me question the continued use of this particular community service. I feel I should have more control - no, total control over this.
Is there any explanation as to why these oversights have been made other than, it’s hard?
Yes - to manage expectations though I will first be merging a new review queue. Once we have made sure all regressions and issues are fixed, I will do a follow up commit to enable category level moderation.
The data structures will be in place shortly. The interface to use them is not ready yet.