Understanding user statuses, roles, and permissions

:bookmark: This is a guide for understanding the various user statuses, roles, and permissions within Discourse, including how they affect user capabilities and how they are stored in the database.

:person_raising_hand: Required user level: Administrator

Discourse has many built-in user statuses, roles, and permissions.

These statuses and roles can be seen for a given user when viewing their profile from the users’ section of the admin dashboard:

Permission Status

Activated

Account has a verified email and is therefore active in the Discourse instance

  • Account may log in to Discourse; inactive accounts may not log in
  • Inactive accounts can only verify their email (and other routes as necessary to complete registration).

Storage: active boolean column in the users table

Staged

A special placeholder account which is created automatically by the system for email integration

  • No email digests are ever sent
  • Automatically watches all messages it participates in and receives notifications of replies
  • May reply via email to notifications
  • Username and Name are automatically picked
  • Account may still register with the same email and “take over” the staged account.
  • Forgot password does nothing when you attempt to send a password reset to a staged account

Storage: staged field in users table

Admin

Admin users are the superusers in the system. They can:

  • Impersonate non-admins
  • Change site settings
  • Create groups
  • Amend site customizations
  • Perform all the actions moderators can perform
  • Read any personal message
  • Create, delete and modify categories
  • Ignore category permissions to view private categories

Storage: The boolean field admin in the users table flags any admin accounts.

Moderator

Power-user capable of moderating the site:

  • Gets shield icon next to name on posts
  • Can perform all actions Staff can perform

Storage: the boolean field moderator in the users table

Staff

A staff user is any user that is either an admin or a moderator (or both).

  • Immune to rate limits
  • Can process flags and posts held in the moderation queue
  • Can delete topics and posts, split topics, merge topics, hide topics and so on.
  • Can view user info (excluding emails for moderators)
  • Can suspend, silence, anonymize and delete users
  • Can adjust a user’s trust level

Storage: computed from the admin and moderator columns on the users table

Category Moderator

This is a non-staff user who is part of a group that has been granted select moderation powers over specific categories. This can be enabled per site using the enable category group moderation admin setting, and set for each category in the Settings tab of the category wrench.

Trust level 0 - 4

See: What do user trust levels do?

Storage: the numeric field trust_level in the users table

Suspended

Account suspended from Discourse instance

  • A note is displayed on the user page denoting suspension reason
  • Login is not allowed
  • Account can only be mentioned by staff
  • No emails are sent to the user for any notifications (digest, message and so on)
  • As an exception, any emails initiated by staff are still sent to the user

Storage: suspended_till datetime column in users table

Silenced

All posting is disabled, either manually by staff or when the spam system flags the account as a problem account.

  • Account may not reply to any topic
  • Account may not create any topics
  • Account may not create PMs, but can reply to PMs
  • Account may not create flags
  • Account still can like and bookmark
  • Account can still change user prefs and about me (TBD if this is a good idea)
  • Mailing list mode stops working

Storage: silenced boolean column in the users table


Other Status

Users can have a few additional statuses not shown in the permissions section of the admin dashboard.

New user

Special restricted account for the first day of usage or for new accounts. new_users have special rate limits defined in site settings.

  • Trust Level 1 account created in the last 24 hours, or Trust Level 0
  • Non-staff account

Limits:

  • Can only create a topic once every 2 minutes (rate_limit_new_user_create_topic)
  • Can only create a post once every 30 seconds (rate_limit_new_user_create_post)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

First day user

Special additional restrictions that apply to an account created in the last 24 hours

  • Account created in the last 24 hours
  • Non-staff account
  • Not TL2 or above

Limits:

  • May only create 10 replies (max_replies_in_first_day)
  • May only create 3 topics (max_topics_in_first_day)

Storage: computed from created_at, moderator, admin, and trust_level columns on the users table

Approved

If the site setting must_approve_users is enabled, a user must be approved prior to being allowed to log in.

Storage: approved boolean column in the users table

Developer

Special account used to install Discourse

  • View rack-mini-profiler showing timings on the page
  • Impersonate any account including admins
  • Automatically becomes admin and has all admin rights

Storage: controlled via the developer_emails global setting or the developers table. In a Docker install, use the env var DISCOURSE_DEVELOPER_EMAILS to specify an email list of users who are developers.
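
The computed statuses described above (staff, new user, first day user) and the login-related columns can be evaluated together during an access review. The Ruby below is an added example, not Discourse's own code: the rows and helper names are constructed, it follows this page's wording for each rule, and it assumes a suspension is in force while suspended_till lies in the future.

```ruby
# Added example, not Discourse's own code. Column names follow this page;
# the rows, usernames and helper names are constructed for illustration.
DAY = 24 * 60 * 60
NOW = Time.utc(2024, 7, 3, 12)

def row(name, over = {})
  { username: name, admin: false, moderator: false, trust_level: 1, active: true,
    staged: false, approved: true, silenced: false, suspended_till: nil,
    created_at: NOW - 90 * DAY }.merge(over)
end

ROWS = [
  row("site_admin", admin: true, trust_level: 4),
  row("mod_on_leave", moderator: true, suspended_till: NOW + 7 * DAY),
  row("fresh_tl1", created_at: NOW - 3600),
  row("old_tl0", trust_level: 0),
  row("fresh_tl2", trust_level: 2, created_at: NOW - 3600),
  row("pending", approved: false),
  row("unverified", active: false)
]

def staff?(u); u[:admin] || u[:moderator]; end
def created_last_day?(u, now); u[:created_at] > now - DAY; end

# New user: non-staff, and TL0 or a TL1 account created in the last 24 hours.
def new_user?(u, now)
  !staff?(u) && (u[:trust_level] == 0 || (u[:trust_level] == 1 && created_last_day?(u, now)))
end

# First day user: created in the last 24 hours, non-staff, not TL2 or above.
def first_day_user?(u, now)
  created_last_day?(u, now) && !staff?(u) && u[:trust_level] < 2
end

# Assumption: a suspension is in force while suspended_till lies in the future.
def suspended?(u, now); !u[:suspended_till].nil? && u[:suspended_till] > now; end

# Login gate from the Activated, Suspended and Approved sections of this page.
def can_log_in?(u, now, must_approve_users: false)
  u[:active] && !suspended?(u, now) && (!must_approve_users || u[:approved])
end

# Access review: staff rows whose other columns contradict a working staff login.
def staff_review(rows, now)
  rows.select { |u| staff?(u) && (!can_log_in?(u, now) || u[:silenced] || u[:staged]) }
      .map { |u| u[:username] }
end

ROWS.each { |u| puts "#{u[:username]}: new_user=#{new_user?(u, NOW)} login=#{can_log_in?(u, NOW)}" }
puts "staff rows to review: #{staff_review(ROWS, NOW).inspect}"
```

A staff row that shows up in the review list still carries the admin or moderator flag in the users table, so it is worth confirming whether the role should be removed while the account is suspended, silenced, inactive or staged.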

Additional resources

For a more detailed breakdown of the specific powers granted to category moderators, please see Trust Level Permissions Table (inc Moderator Roles).

Last edited by @pedrom 2024-07-03T03:41:22Z

Last checked by @hugh 2024-07-03T05:04:10Z
