Understanding user statuses, roles, and permissions

Discourse has many built-in user statuses, roles, and permissions.

These statuses and roles can be seen for a given user when viewing their profile from the users’ section of the admin dashboard.

The following describes the meaning of each status.

Activated

Account has a verified email and is therefore active in the Discourse instance

  • Account may log in to Discourse; inactive accounts may not log in
  • Inactive accounts can only verify their email (and other routes as necessary to complete registration).

Storage: active boolean column in the users table

Staged

A special placeholder account which is created automatically by the system for email integration

  • No email digests are ever sent
  • Automatically watches all messages it participates in and receives notifications of replies
  • May reply via email to notifications
  • Username and Name are automatically picked
  • Account may still register with the same email and “take over” the staged account.
  • Forgot password will do nothing …when you attempt to send a password reset to a staged account

Storage: staged field in users table

Admin

Admin users are the superusers in the system. They can:

  • Impersonate non-admins
  • Change site settings
  • Create groups
  • Amend site customizations
  • Perform all the actions moderators can perform
  • Read any personal message
  • Create, delete and modify categories
  • Ignore category permissions to view private categories

Storage: The boolean field admin in the users table flags any admin accounts.

Moderator

Power-user capable of moderating the site:

  • Gets shield icon next to name on posts
  • Can perform all actions Staff can perform

Storage: the boolean field moderator in the users table

Staff

A staff user is any user that is either an admin or a moderator (or both).

  • Immune to rate limits
  • Can process flags and posts held in the moderation queue
  • Can delete topics and posts, split topics, merge topics, hide topics and so on.
  • Can view user info (excluding emails for moderators)
  • Can suspend, silence, anonymize and delete users
  • Can adjust a user’s trust level

Storage: computed from the admin and moderator columns on the users table

Category Moderator

This is a non-staff user who is part of a group that has been granted select moderation powers over specific categories. This can be enabled per site using the enable category group moderation admin setting, and set for each category in the Settings tab of the category wrench.

For a more detailed breakdown of the specific powers granted to category moderators, please see Trust Level Permissions Table (inc Moderator Roles).

Trust level 0 - 4

See: What do user trust levels do?

Storage: the numeric field trust_level in the users table

Suspended

Account suspended from Discourse instance

  • A note is displayed on the user page denoting suspension reason
  • Login is not allowed
  • Account can only be mentioned by staff
  • No emails are sent to the user for any notifications (digest, message and so on)
  • As an exception, any emails initiated by staff are still sent to the user

Storage: suspended_till datetime column in users table

Silenced

All posting is disabled, either manually by staff or when an account is flagged by the spam system as a problem account.

  • Account may not reply to any topic
  • Account may not create any topics
  • Account may not create PMs, but can reply to PMs
  • Account may not create flags
  • Account still can like and bookmark
  • Account can still change user prefs and about me (TBD if this is a good idea)
  • Mailing list mode stops working

Storage: silenced boolean column in the users table


Other statuses

Users can have a few additional statuses not shown in the permissions section of the admin dashboard.

New user

Special restricted account for the first day of usage or for new accounts. new_users have special rate limits defined in site settings.

  • Trust Level 1 account created in the last 24 hours, or Trust Level 0
  • Non-staff account

Limits:

  • Can only create a topic once every 2 minutes (rate_limit_new_user_create_topic)
  • Can only create a post once every 30 seconds (rate_limit_new_user_create_post)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

First day user

Special additional restrictions that apply to an account created in the last 24 hours

  • Account created in the last 24 hours
  • Non-staff account
  • Not TL2 or above

Limits:

  • May only create 10 replies (max_replies_in_first_day)
  • May only create 3 topics (max_topics_in_first_day)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

Approved

If the site setting must_approve_users is enabled, a user must be approved prior to being allowed to log in.

Storage: approved boolean column in the users table

Developer

Special account used to install Discourse

  • View rack-mini-profiler showing timings on the page
  • Impersonate any account including admins
  • Automatically becomes admin and has all admin rights

Storage: controlled via the developer_emails global setting or the developers table. In a Docker install, use the env var DISCOURSE_DEVELOPER_EMAILS to specify an email list of users who are developers.
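
The computed statuses described on this page (Staff, New user, First day user) and the login conditions for Activated, Suspended and Approved, written out as an added Ruby example for access reviews; this is not Discourse's own code. Rows are plain hashes keyed by the column names listed above; the helper names, the sample rows, and the reading that a suspension lasts while suspended_till is in the future are assumptions.

```ruby
DAY = 24 * 60 * 60                 # seconds
NOW = Time.utc(2024, 1, 10, 12)    # constructed reference time

# Staff is computed from the admin and moderator columns.
def staff?(u)
  u[:admin] || u[:moderator]
end

def created_in_last_day?(u, now)
  now - u[:created_at] < DAY
end

# New user: non-staff, and TL0 or a TL1 account created in the last 24 hours.
def new_user?(u, now)
  !staff?(u) && (u[:trust_level] == 0 || (u[:trust_level] == 1 && created_in_last_day?(u, now)))
end

# First day user: created in the last 24 hours, non-staff, below TL2.
def first_day_user?(u, now)
  created_in_last_day?(u, now) && !staff?(u) && u[:trust_level] < 2
end

# Assumption: a suspension is in force while suspended_till is in the future.
def suspended?(u, now)
  !u[:suspended_till].nil? && u[:suspended_till] > now
end

# Login needs an activated, non-suspended account, and approval if must_approve_users is on.
def may_log_in?(u, now, must_approve_users: false)
  u[:active] && !suspended?(u, now) && (!must_approve_users || u[:approved])
end

# Access review: every staff row, with status flags that deserve a second look.
def staff_review(users, now)
  users.select { |u| staff?(u) }.map do |u|
    flags = %i[staged silenced].select { |c| u[c] }
    flags << :inactive unless u[:active]
    flags << :suspended if suspended?(u, now)
    [u[:username], u[:admin] ? :admin : :moderator, flags]
  end
end

# Constructed sample rows (not real data); defaults describe an ordinary member.
def row(username, **cols)
  { username: username, active: true, staged: false, admin: false, moderator: false, trust_level: 1,
    suspended_till: nil, silenced: false, approved: true, created_at: NOW - 30 * DAY }.merge(cols)
end
USERS = [row("root", admin: true), row("mod", moderator: true, suspended_till: NOW + DAY),
         row("alice", created_at: NOW - 2 * 3600), row("bob", trust_level: 0)]
```

Calling staff_review(USERS, NOW) lists every admin and moderator with any staged, silenced, inactive or suspended flag still set on the row, which is the combination to check when reviewing who holds elevated rights.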
