This is a guide for understanding the various user statuses, roles, and permissions within Discourse, including how they affect user capabilities and how they are stored in the database.
Required user level: Administrator
Discourse has many built-in user statuses, roles, and permissions.
These statuses and roles can be seen for a given user when viewing their profile from the users’ section of the admin dashboard:
Permission Status
Activated
Account has a verified email and is therefore active in the Discourse instance
- Account may login to Discourse, inactive accounts may not login
- Inactive accounts can only verify their email (and other routes as necessary to complete registration).
Storage: active
boolean column in the users
table
Staged
A special placeholder account which is created automatically by the system for email integration
- No email digests are ever sent
- Automatically watches all messages it participates in and receives notifications of replies
- May reply via email to notifications
- Username and Name are automatically picked
- Account may still register with the same email and “take over” the staged account.
- Forgot password will do nothing …when you attempt to send a password reset to a staged account
Storage: staged
field in users
table
Admin
Admin users are the superusers in the system, they can:
- Impersonate non-admins
- Change site settings
- Create groups
- Amend site customizations
- Perform all the actions moderators can perform
- Read any personal message
- Create, delete and modify categories
- Ignore category permissions to view private categories
Storage: The boolean field admin
in the users
table flags any admin accounts.
Moderator
Power-user capable of moderating the site:
- Gets shield icon next to name on posts
- Can perform all actions Staff can perform
Storage: the boolean field moderator
in the users
table
Staff
A staff user is any user that is either an admin or a moderator (or both).
- Immune to rate limits
- Can process flags and posts held in the moderation queue
- Can delete topics and posts, split topics, merge topics, hide topics and so on.
- Can view user info (Excluding emails for moderators)
- Can suspend, silence, anonymize and delete users
- Can adjust a user’s trust level
Storage: computed from the admin
and moderator
columns on the users
table
Category Moderator
This is a non-staff user who is part of a group that has been granted select moderation powers over specific categories. This can be enabled per site using the enable category group moderation
admin setting, and set for each category in the Settings tab of the category wrench:
Trust level 0 - 4
See: What do user trust levels do?
Storage: the numeric field trust_level
in the users
table
Suspended
Account suspended from Discourse instance
- A note is displayed on the user page denoting suspension reason
- Login is not allowed
- Account can only be mentioned by staff
- No emails are sent to the user for any notifications (digest, message and so on)
- As an exception, any emails initiated by staff are still sent to the user
Storage: suspended_till
datetime column in users
table
Silenced
Either manually by staff or when an account is flagged by spam system as a problem account, all posting is disabled.
- Account may not reply to any topic
- Account may not create any topics
- Account may not create PMs, but can reply to PMs
- Account may not create flags
- Account still can like and bookmark
- Account can still change user prefs and about me (TBD if this is a good idea)
- Mailing list mode stops working
Storage: silenced
boolean column in the users
table
Other Status
Users can have a few additional statuses not shown in the permissions section of the admin dashboard.
New user
Special restricted account for the first day of usage or new accounts. new_users have special rate limits defined in site settings
- Trust Level 1 account created in the last 24 hours, or Trust Level 0
- Non-staff account
Limits:
- Can only create a topic once every 2 minutes (rate_limit_new_user_create_topic)
- Can only create a post once every 30 seconds (rate_limit_new_user_create_post)
Storage: computed from created_at
, moderator
, admin
, and trust_level
columns on the users
table
First day user
Special additional restrictions that apply to an account created in the last 24 hours
- Account created in the last 24 hours
- Non staff account
- Not TL2 or above
Limits:
- May only create 10 replies (max_replies_in_first_day)
- May only create 3 topics (max_topics_in_first_day)
Storage: computed from created_at
, moderator
, admin
, and trust_level
columns on the users
table
Approved
If the site setting must_approve_users
is enabled a user must be approved
prior to being allowed to log in.
Storage: approved
boolean column in the users
table
Developer
Special account used to install Discourse
- View rack-mini-profiler showing timings on the page
- Impersonate any account including admins
- Automatically becomes admin and has all admin rights
Storage: controlled via the developer_emails
global setting or the developers
table, in Docker install use the env var DISCOURSE_DEVELOPER_EMAILS
to specify an email list of users who are developers.
Additional resources
For a more detailed breakdown of the specific powers granted to category moderators please see Trust Level Permissions Table (inc Moderator Roles).
Last edited by @pedrom 2024-07-03T03:41:22Z
Last checked by @hugh 2024-07-03T05:04:10Z
Check document
Perform check on document: