How to use category security settings to control access to content

(Simon Cossar) #1

The Security tab on the category edit modal is used to control both the visibility of categories and what users can do in a category. This is done by defining category permissions that associate a group name with an access level. The default permission for a new category is that the group everyone can Create/Reply/See. This means that all users on your forum, including anonymous users, have access to the category. You can change this state by adding or removing permissions.

Adding permissions

To add a permission, click the Edit Permission button. This will open two dropdown fields. The first field is used to select the group to add the permission for, the second field is to select the permission level.

On a new forum, the group dropdown will have the everyone, admins, staff, and moderators groups, as well as a group for each of the four Discourse trust levels. If you have added a custom group to your forum, that group will appear in the group dropdown menu.

The permission level dropdown lets you select between three levels of access: Create/Reply/See, Reply/See, and See. Create is the permission to create a topic in the category. Reply is the permission to post in a topic. See is the permission to see the category’s content. Combining groups with permission levels gives you control over what users can do in a category.

Removing permissions

To remove a permission, click the Edit Permissions button. A blue ‘x’ button will appear next to the existing permissions for the category. Click the ‘x’ to remove the permission.

Category visibility

If a group cannot See a category, that category will not appear in the user interface for its members. Members of groups who have access to a category that can’t be seen by everyone will see a padlock icon next to the category’s badge.

A group that can See a category, but can’t Create or Reply will have the category badge and content displayed normally in their user interface. On the category’s page, the New Topic button will be greyed out and disabled for them. The category will also not be available for them in the composer’s category dropdown menu. Users who can only See a category can still receive notifications for the category and have the category’s content included in their digest email.

Permissions for Admins and Moderators

Admins are always able to Create/Reply/See in a category. Moderators do not have default access to a category - for moderators to access a category they must be included in a permission rule. Moderators are in the staff and moderators groups, they can also gain access to a category by being a member of a custom group.

The difference between the everyone group and Trust Level 0

The everyone group is made up of all users, including anonymous users. The Trust Level 0 group is all users who have created an account and are logged into your forum. You can disallow anonymous access to a category by setting the group to trust_level_0 instead of everyone.


Limiting access to a category to members of a custom group

Allowing all users to see a category, but only group members to create content

Allowing all users to reply in a category, but only group members to create topics

Allowing all users except anonymous users to access a category

Private Topics - are they supported?
Setting up a private category
Restricting Access to categories
Discourse - What do admins see on the Analytics dashboard?
How to configure a group to receive notifications and emails for a private category
Hide a user from a category
Help! Making two different channels in my discourse
Is it possible to have private categories for some members?
Topic that only the original author can post in?
(cosmo) #2

Is there a way to setup a category that is restricted but the sub category within it is not (as much)

The idea:

Category: Committee A
(admin, staff, committee A members - can see/read/write)
sub committee A members do not have access.

Sub Category: subcommittee to Committee A.
(admin, staff, committee A members, AND subcomitteeA members - can see/read/write).

The main committee is for staff, the sub committee is for volunteers overseen by the staff. The problem I have is the sub category does not appear for the users with permission to see it, but no permission to see the parent category.

For organizations sake, I don’t want to separate them. Hence this query.

(Robert McIntosh) #3

Why not reverse the structure?

Parent Category is for “All Category A Business” which includes your subcommittee members

The Sub-Category would be a restricted area for “Category A Committee Business” and not include the volunteers?

I don’t believe it is possible to allow broader access to a subcategory than to its parent

(cosmo) #4

It would really not flow from an organizational perspective.
It’s for a labor organization’s internal business.

The main category is for elected reps to have discussions regarding the specific committee that is reps only.

The sub committee is a stand-alone sub committee that is run by non elected volunteers that reports to the committee.

Hence it would be very off to reverse the hierarchy for the primary users, the elected reps

(Robert McIntosh) #5

Sadly, from a logical point of view this cannot work - if you cannot even See Category A, how can you be part of a sub-category of it?

You could either allow volunteers to just see the parent (do they not need this information?) or you will then need to split Committees and Sub-Committees into separate areas.

How often are members part of more than one (or a few) committees?

You could have a parent that brought together all committees - members would only see the ones they are part of in any case, and the parent could keep general advice for all committee members

You could then have a parallel sub-committee parent that had all sub-committees included. It would be similar to the above, and include the volunteers

Otherwise, I don’t think it would be hard to implement my original solution. If all committee members are ALSO members of the subcommittee then they will already see all the discussions in any case. They can still use the category filters to see only relevant discussions.

Another possible solution if you want, is to have a Parent for Committee A that has two sub-categories - Committee Business and Sub-Committee Business so the two are more contained and in theory certain important staff might be able to mute the sub-committee if necessary

(cosmo) #6

The problem is that the parent committee members are not members of the sub-committee.

I hoped it would show the parent category as the committee category, but populate ‘empty’ only showing authorized content (such as sub-committee category and content) to people who are not authorized to see its’ content.

Oh well. I’m going to have to create a “Sub-committee” category that anyone can see, but no post/replies, and make all the sub-committees as sub-categories with individual group permissions to see them. counter intuitive for the end user… but oh well I guess.

Thank you for the reply @robmc. At least I know what is possible/not.
Suggestion: Create option to allow users to see master category without content.

  • Read/Reply/See
  • Reply/See
  • See
  • See Sub-Cats (only)


Is there a way to have the category visible to everyone, but the topics within the category non-visible?

Way to See Category but not the topics
Is it possible to show a category for everyone, but hide the contents (requiring users to make a forum account to view)?
(Robert McIntosh) #8

What is the use case for this?

The best solution I an think of would be to create a sub-category that would have all the discussions (and have restricted security settings) and have only 1 post (the ‘About this category’) visible in the parent category that is set to Everyone can See


Hi Robert,

Thanks for the response. The purpose is so that non-registered visitors can see that the category exists but would need to register to be able to access that content within that category (the good stuff essentially). It would inspire new registrations.

Also… in other cases (where higher levels of trust are required) it would inspire already registered members to contribute more to the forum to increase their trust level in order to access restricted categories… if they can see that the category exists and they are restricted until they reach a certain level of trust, I believe it would drive additional contribution from members into the forum.

(Robert McIntosh) #10


I think my solution above would work. You could use the parent category for the ‘sell’ text that describes the category and encourages users to sign-up or ‘level-up’ to join.

Another way to achieve this would be to keep the category private, but use groups to manage permissions. You can make categories available to only certain groups, and then either make the groups ones they can opt-in to join, or need to be added to by the group owner or admin. You can also have hidden groups that work the same way but are not visible to users.

You can then promote the list of available groups to your users instead.

Let me know how it goes


It’s a half way good solution. The only issue I see with it however is that people will see the parent category but won’t see anything else. Meaning, it’ll look empty. I wouldn’t want any part of the forum to look empty. It may give the impression that the forum is somewhat inactive.

It would need some sort of notice/message saying something along the lines of, “You don’t have access to this category. Only registered members can access this content”. It would definitely peak intrigue.

(Robert McIntosh) #13

All categories have a default topic in them: About the [category title] category so the category would never be empty.

This topic would be visible to all those who visit that category. In addition, the default first paragraph says:

(Replace this first paragraph with a brief description of your new category. This guidance will appear in the category selection area, so try to keep it below 200 characters. Until you edit this description or create topics, this category won’t appear on the categories page. )

If you replace this first paragraph with "This category is about X. Only registered members can access this content” it would also show when listing the categories and when they visit the topic, they would see the rest of the content.

Once it has been read, this will no longer be pinned to the top and so members who CAN see the content would have it disappear from their lists, but users without access would continue to see it when visiting the category.


Regardless of how far the default topic regresses, the category description is still displayed underneath the title of the category (on the main page interface).

Maybe the function of hiding topics within a category could be developed? Just a suggestion.

I do appreciate your support.

(Jeff Atwood) #15

We generally aren’t interested in building these kinds of user hostile features. “Look at all these interesting topics! Click on them! Oops, gotta register to see it!”

Perhaps a plugin could do that for you, though. I think there are some out there that implement this kind of bait-and-switch scheme.

The other option is to simply require registration to see anything (ala classic Facebook), and put a preview of the content elsewhere.


Hey Jeff,

I’ll look into the plugins. Out of curiosity, why do you consider them to be, “hostile features”?

If the features encourage and stimulate additional activity on the forum, wouldn’t this be considered conductive to the building of an online community? Essentially, this is the ultimate goal of a forum.

(Anna Berns) #17

We are also interested in allowing access to certain subcategories for certain groups but not to the higher level category (and can’t seem to as of now :slight_smile: ).

We know we could create separate top-level categories, but are trying to limit the number of top-level categories we have, so have several places where we have sub-categories underneath the higher level ones to manage that.

E.g. we have an overall Category that folks with full access can see, but SubCategory 1/2/3 on different sub-topics, and we want specific groups to not be able to see them all, but only one or 2 of the sub-categories. It looks like you can set it up in the security settings (assign group1 permissions to have create/reply/see access to sub-category1), but if you haven’t also given group1 access to the higher level Category, they don’t see sub-category1 in their list of categories when they login.

Is there any way to show them subcategory1 (with or without showing them the higher level Category name)?


(@danekhollas FYI)

(Simon Cossar) #18

Unless a group can see the parent category, they will not see the subcategory that they do have access to on the categories page. They will still see the sub-category’s topics on their latest page and be able to visit the sub-category topics directly from there. Attempting to visit the sub-category’s category page seems to throw an error though. Category permissions are not intended to be used in this way.

Could you switch things around so that the parent category allows access to all users who should have access to the various sub-categories? You could then limit access to the sub-categories to the groups who should have access to them.

(John McCall) #19

I have a slightly different need, but it’s related. Most of our forum is public, but we do keep a few categories private e.g. for “core team” work. However, it would occasionally be useful to be able to share specific threads from those categories with specific users who don’t normally have access to “core team” content — basically, if we’re reviewing feedback on someone’s work, it’d be nice to CC them in. Is there any way to manage that?

(Simon Cossar) #20

That might be best handled with a PM between your Staff group and the person who is being reviewed.

(John McCall) #21

Sure, we can definitely handle it outside the system.