Lindsey
Leader
5 years ago

How do I correctly override posting permissions

On my community, permission to post works in this way:

- Default users can reply (permission: create_message=true), because we want anonymous users to start a post so they can be enticed to create an account.

- Signed-in users that are not verified in our SSO system are given the role "Unverified", which takes away permission to reply.
- Rank "Verified" is for users that have verified their email in our SSO system, which re-grants them the ability to reply.
- We created one sub-category that is read-only and also removed permission to reply for default users. However, "Verified" roles were still seeing they had permission to reply (create_message=true), since I assume that role overrode the specific permission on that sub-category.
- I tried creating a role "Verified" for that sub-category specifically and also removed permission to reply, but it was still showing up as create_message=true for these users.

Why is create_message=true for posts in the read-only sub-category that has create_message=false for default users and create_message=false for the "Verified" role inside that sub-category, but create_message=true for "Verified" roles in the overall community? How can I change permissions so "Verified" users cannot post in read-only sub-categories but admins and moderators can?

  • Default permissions are inherited from the parent, so any time you default grant, it's difficult to override that setting and remove it. Grant trumps deny pretty much every time in my experience.

    You should start with default as deny, then grant using roles if you want to do this. And I would recommend NOT setting the posting permissions to default grant at the community level because it creates a host of problems.

    Put the community-wide default as deny and then you can default grant to anonymous users at the category and board levels. It's tough to make a more explicit recommendation without seeing how you've set things up. I hope this helps a bit, though.

    • Lindsey
      Leader

      lolagoetz if I were to create an 'anonymous' role, how would I add anonymous users to that role?

      • lolagoetz
        Boss

        You don't have to add them to a role, you just let the permissions at the category level grant it to them. You just don't want to put default grant at the community level because it causes cascading problems (including the verified users you mentioned).

        This is really complicated to explain without seeing what your default settings are at the community level and then at the other nodes. 

        If you want to reach out, I may be able to provide some more guidance offline.