Description of various user states in Discourse (Admin / Moderator / Staff / Developer / Other)

Discourse has many built in user states, the following describes the meaning of each state and basic storage implementation:

Admin

Admin users are the superusers in the system, they can:

  • Impersonate non admins
  • Change site settings
  • Create groups
  • Amend site customizations
  • Perform all the actions moderators can perform
  • Read any personal message
  • Create, delete and modify categories
  • Ignore category permissions to view private categories

Storage: The boolean field admin in the users table flags any admin accounts.

Developer

Special account used to install Discourse

  • View rack-mini-profiler showing timings on the page
  • Impersonate any account including admins
  • Automatically becomes admin and has all admin rights

Storage: controlled via the developer_emails global setting or the developers table, in Docker install use the env var DISCOURSE_DEVELOPER_EMAILS to specify an email list of users who are developers.

Moderator

Power user capable of moderating the site:

  • Gets shield icon next to name on posts
  • Can perform all actions Staff can perform

Storage: the boolean field moderator in the users table

Staff

A user that is either an admin a moderator or both.

  • Immune to rate limits
  • Can process flags and posts held in the moderation queue
  • Can delete topics and posts, split topics, merge topics, hide topics and so on.
  • Can view user info(Excluding emails for moderators)
  • Can suspend, silence, anonymize and delete users
  • Can adjust a user’s trust level

Storage: computed from the admin and moderator columns on the users table

Trust level 0 - 4

See: What do user trust levels do?

Storage: the numeric field trust_level in the users table

New user

Special restricted account for first day of usage or new accounts. new_users have special rate limits defined in site settings

  • Trust Level 1 account created in the last 24 hours, or Trust Level 0
  • Non staff account

Limits:

  • Can only create a topic once every 2 minutes (rate_limit_new_user_create_topic)
  • Can only create a post once every 30 seconds (rate_limit_new_user_create_post)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

First day user

Special additional restrictions that apply to an account created in the last 24 hours

  • Account created in the last 24 hours
  • Non staff account
  • Not TL2 or above

Limits:

  • May only create 10 replies (max_replies_in_first_day)
  • May only create 3 topics (max_topics_in_first_day)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

Silenced

Either manually by staff or when an account is flagged by spam system as a problem account, all posting is disabled.

  • Account may not reply to any topic
  • Account may not create any topics
  • Account may not create PMs, but can reply to PMs
  • Account may not create flags
  • Account still can like and bookmark
  • Account can still change user prefs and about me (TBD if this is a good idea)
  • Mailing list mode stops working

Storage: silenced boolean column in the users table

Active

Account has a verified email and is therefore active in Discourse instance

  • Account may login to Discourse, inactive accounts may not login
  • Inactive accounts can only verify their email (and other routes as necessary to complete registration).

Storage: active boolean column in the users table

Approved

If the site setting must_approve_users is enabled a user must be approved prior to being allowed to log in.

Storage: approved boolean column in the users table

Suspended

Account suspended from Discourse instance

  • A note is displayed on user page denoting suspension reason
  • Login is not allowed
  • Account can only be mentioned by staff
  • No emails are sent to user for any notifications (digest, message and so on)
  • As an exception any emails initiated by staff are still sent to user

Storage: suspended_till datetime column in users table

Staged

A special placeholder account which is created automatically by the system for email integration

  • No email digests are ever sent
  • Automatically watches all messages it participates in and receives notifications of replies
  • May reply via email to notifications
  • Username and Name are automatically picked
  • Account may still register with the same email and “take over” the staged account.
  • Forgot password will do nothing …when you attempt to send a password reset to a staged account

Storage: staged field in users table

71 Likes
Modifying Staff Roles to go beyond Administrator and Moderator?
List of full moderation tools?
Deactivating users permanently
Improving Blocked User State
Which setting(s) would prevent Discourse from emailing an old user?
View Forum as User X
How to reply to staged user through discourse?
A single number for users ranking (reputation like)?
What is a staged user?
Allow moderators to create groups
What permissions can admins give moderators?
Understading groups in discourse
How do I block a user?
Levels and Staff roles
A new trust level: The Helpful member?
Send email to non registered user in a group
Difference between “member” and “staff user”
Send email to non registered user in a group
How to disable mail for staged users?
Discourse User Features
Discourse User Roles difference
Who is able to change profile of another user
Change user registration date (created_at) via API
Improving Blocked User State
Unlisted option on creation of a new topic
Understanding Discourse Trust Levels
Improving Blocked User State
Are banned members supposed to receive email notifications?
What is a staff user on hosted Discourse?
Limit the daily number of posts from a user
Major slowdown for staff in large topics
For how long a new user is considered "new user"?
Moderator can edit User Names and other properties of users and admins
How to invite someone to answer a question?
How does discourse count users?
Suspend all users apart from admin users for development copy
Auto-remove accounts when SSO ID is not longer valid
Best strategy for member who wants to "pause"? Suspend may not be it
How might we better structure #howto?