Does setting category security permissions for trust_level_1 extend to higher trust levels?
Or do I need to setup all of my categories similar to the screenshot?
Thanks,
Ryan
1 Like
Yes, it does. All trust_level_2 users are also trust_level_1.
No, there is no need for that.
2 Likes
Falco, I searched through the meta and used ask.discourse.com and was told the opposite. Is this documented somewhere that I missed?
Is the same true for Moderators, Staff, Admin?
If Moderators have See, Reply, & Create, will that flow to Staff and Admin?
Admins can see everything anyways. And moderators are also staff so they’ll be able to create / reply / see.
1 Like
What is the purpose of these roles, then? Will users with these levels be able to see, reply, create even if they are not added to the Security list in a category?
Put differently, can I remove then the security of a category to declutter?
As long as all your staff are at least trust level 1, you don’t need to add any of the other groups.
Admins can usually see everything even if you, for example, limit a category to be visible only for moderators. (But there is a site setting which actually hides those categories from admins in most places.)
Moderators can only see categories they have permission to see because of their group membership and the security settings of the category. But your moderator users are in more than one group, and adding one is enough.
I find it quite helpful to look at the groups section on the admin page of a user at /admin/users/{user_id}/{username}.
My forum is in German, which is why the group names are in German, but you can see the moderators and the staff (team) group as well as all the trust level groups the user is a member of. And below, you see the custom groups. As long as one of these groups is allowed to see a category, the user will be able to do so.
Since all moderators and admins are also members of the staff group, you usually do not need to add all three- only using staff is enough. But when you create a subcategory that is more secret, for example, a subcategory of the staff category which only admins can see, you need to add admins to the staff category too because you cannot grant permissions in a subcategory to a group that hasn’t permission to see the parent category. And that check only considers the group name. It’s not smart enough to understand that the staff group already has permission to see the staff category and that all admins are in that group.
That’s a case where it can be necessary to add the staff and the admin group. But usually one of them is enough. Just like one trust level group is enough because users are also members of all groups of a lower trust level. That’s also mentioned in the description of the groups.
Moin, I guess I didn’t think of it that way; admins, moderators, and staff typically have at least trust_level_1.
Your reply was very helpful! Thank you for the thorough explanation and edge cases.
Best, Ryan
1 Like