Understanding groups and category permissions (security settings)

:information_source: See this video tutorial for an example of how to use these features: Create a private category with limited access for a certain group

The Security tab on the category edit page is used to control both the visibility of categories and what users can do in a category. This is done by defining an access list of groups that associate a group name with an access level. The default permission for a new category is that the group everyone can Create/Reply/See. This means that all users on your forum, including anonymous users, have access to the category. You can change this state by adding or removing groups and changing their permissions.

Adding groups

To add a group to the list, click the Add a group button. On a new forum, the group dropdown will have the everyone, admins, staff, and moderators groups, as well as a group for each of the four Discourse trust levels. If you have added a custom group to your forum, that group will appear in the group dropdown menu.

Once the group is added, you can select between three levels of access: See, Reply and Create. Create is the permission to create a topic in the category. Reply is the permission to post in a topic. See is the permission to see the category’s content. Combining groups with permission levels gives you control over what users can do in a category.

Removing groups

To remove a group, click the :wastebasket: button.

Category visibility

If a group cannot See a category, that category will not appear in the user interface for its members. Members of groups who have access to a category that can’t be seen by everyone will see a padlock icon next to the category’s badge.

A group that can See a category, but can’t Create or Reply will have the category badge and content displayed normally in their user interface. On the category’s page, the New Topic button will be greyed out and disabled for them. The category will also not be available for them in the composer’s category dropdown menu. Users who can only See a category can still receive notifications for the category and have the category’s content included in their digest email.

Permissions for Admins and Moderators

Admins are always able to Create/Reply/See in a category. Moderators do not have default access to a category - for moderators to access a category they must be included in a permission rule. Moderators are in the staff and moderators groups, they can also gain access to a category by being a member of a custom group.

The difference between the everyone group and Trust Level 0

The everyone group is made up of all users, including anonymous users. The Trust Level 0 group is all users who have created an account and are logged into your forum. You can disallow anonymous access to a category by setting the group to trust_level_0 instead of everyone.

Examples:

Limiting access to a category to members of a custom group

Allowing all users to see a category, but only group members to create content

Allowing all users to reply in a category, but only group members to create topics

Allowing all users except anonymous users to access a category

Last edited by @JammyDodger 2024-05-25T07:33:29Z

Check documentPerform check on document:
44 Likes

2 posts were split to a new topic: Creating a ghost category for use with a channel

Where do you discuss the ability to delete e.g. posts?