New category permission: can post/reply, but not read


I am in the process of erecting a new Discourse platform and I require your assistance in a particular matter. In the Discourse platform, I intend to develop, I seek to implement a configuration where only the topic creator and administrators can view the content within a specified category. This section is poised to essentially operate on the “Bug Report” concept. It is crucial that the reported bugs are not visible to and thus cannot be exploited by other users, instead being exclusively visible to the reporter and the administrators. How might I accurately effectuate such a setting?

1 Like

hi @anilguven welcome to Meta :wave:

you can create a group for bug reporters and then use the security settings in the category you wish to secure to allow only that group and admins to access (or staff if you want mods to have access).

admin - groups - +new group

in the category page for the category you want to secure, click the wrench icon at the top right and you can access the particular category settings, including security. you should be able to add the new group there with the permissions you want.

1 Like

Hello @Lillinator, I extend my gratitude for your response. When I test your suggestion, members of the group will be able to observe all posts. In fact, my goal here is for the topic to be visible only to the individual who created it. Other users should not be privy to the topics created by other users and should refrain from engaging in any interaction.

For instance; User A has created a significant topic in the Bug Report category for reporting an issue. This topic should not be visible to Users B, C, or D in the same forum. Only User A who created the topic, alongside moderators and administrators, should be able to view the topic opened by User A.

1 Like

aha i see. hmmm, i’m not actually sure if this is possible. perhaps someone else might know. i wonder if a plugin is possible. :thinking: my apologies, i misunderstood that you only wanted the bug report poster and not a bug reporter group to have access.

1 Like

Hello and welcome @anilguven :slight_smile:

I think a group inbox would probably be a good fit for this. User A would send a message to @bug-report and it would appear in the @bug-report group inbox where everyone in the group could see it, but only those who were participants of the message would be able to see their individual ones. Would something like that work?


Hello @JammyDodger, thank you :slight_smile:

I understand your suggestion, yet it needs to be constructed as a subject similar to a forum platform. This topic possesses a specific template, and it is anticipated that users will report bugs in adherence to this template.

Incoming bug notifications are then reviewed by moderators and subsequently relayed to the administrators. The individual who initiated the topic is also provided with responses related to their report directly through the topic by the administrators. Despite operating exactly like a conventional forum, the singular difference lies in the fact that the topic can only be viewed by the one who created it.


This is something I have been craving for for a long time, I described it here as #4 with the exact same use case. Offering "private support" as part of a public support community

I believe group inboxes are inherently flawed in a number of ways (like this)

It should be doable with a plugin although it might take some time to get right. I just have not found the time or justification for the effort yet (if you have a budget and/or development skills, let’s talk)


I’m becoming convinced.

And it’s not topic-level permissions, it’s just another category permission. I can imagine how some pieces would work, but there are a bunch of little things that I’m not sure how to do.

Seems like it could be an interesting project. I can’t help out right now, but if you have some time in a month or two, ping me and maybe we can work on it together. Of course, if someone were paying then it would be easier to find the time!


In truth, this feature, similar to its presence in other forum platforms, should be a component here too. As it addresses a common need, I find its absence rather perplexing. Consequently, I initiated some research, however, I’m afraid my endeavors didn’t yield the desired results. The requirement will specifically pertain to the Create/Reply permission, although only the author of the topic and the administrators will possess the See permission.

Right. There would be a create permission that did not include read, but would allow reading topics created by the user. So a new type would get added here:

~~discourse/app/models/category_group.rb at main · discourse/discourse · GitHub

And then a whole bunch of code that refers to those types would need to get modified. Or for a plugin, maybe it would make more sense for CategoryCustomField to get added that would bypass the creation restrictions and update category and topic serializers to include the now-available topics.

Maybe you’d create a topic in a category with create permissions and after_create (or similar) the plugin would move it to a subcategory that only staff can see. And then the category serializer could be ammended to pull user-owned topics from the hidden subcategory into the category. That wouldn’t require a new category permission at all and if the plugin were removed, the topics would just be regular topics in a staff-only category. A proof-of-concept of this (without proper specs and such) might not take too long. I might poke at this later today (though I’m afraid I might have other work to do.)


So I decided to sacrifice my Friday and finally implement this, it would be cool if you could give it a whirl.