Knowledge Base Article

Aurora Group roles and permissions

This article describes the roles and permissions used with Groups.

  • Group roles
  • Custom Group roles
  • Mapping Group roles to content workflow capabilities
  • Group permissions
  • Add members to Group roles
  • Permissions for Group role hierarchy

Group roles

Community includes out-of-the-box Group roles: Owner, Curator, Inviter, and Member. Community Administrators can create custom group roles at community, category, board, and group levels. You can add members to these Group roles only at the Group level. Note that you cannot add members to the Group roles at community or category level.

A group can have multiple Owners. Only Community Administrators can assign the Owner role to group members. (Owners cannot assign the Owner role to other members.) Members with the Administrator role can perform all Owner actions. Owners and Administrators can assign group members the Curator and Inviter roles. This enables other group members the ability to create and manage place content and to invite other community members to the group. Having both a group Owner and one or more Curators helps distribute the task load for node content.

An Owner can:

A Curator can:

Note: By default, the Edit items in list widgets permission is enabled for Group Owners and Curators to manage featured content and places widgets on any page.

An Inviter can:

  • Invite users
  • Perform all Member actions

A Member can:

  • Create content
  • Reply to content
  • Edit their own content
  • Delete their own content
  • Tag content (if tagging content is permitted in the group's parent node)

Mapping Group roles to content workflow capabilities

You can map the Group roles to the capabilities in the KB and Blog content publishing workflow:

  • Owner has all 3 capabilities: Authoring, editing, and publishing
  • Curator has all 3 capabilities: Authoring, editing, and publishing
  • Member has only authoring capabilities

It is recommended to assign permissions to the roles instead of the users.

Custom group roles

Community Administrators can create custom group roles in Settings > Roles and Permissions at the community, category, board, and group node level. Group roles are created for a specific group; custom group roles are not shared across groups and custom group roles are not inherited from parent nodes. Learn more about Custom group roles.

Group permissions

Groups are backed by the standard Community permission system. Each membership type has default permissions that are applied when a group is created.

Important! We strongly recommend against altering permissions on a per-group basis. Doing so could inadvertently override certain key permissions, such as making a Hidden group visible to non-members.

At the Community and Category node level, Community includes these group permissions:

  • See groups: See the group node type
  • Edit groups: Edit group properties
  • Delete groups: Delete a group and all its content
  • Create groups: Create a group.
    Note: The Create groups permission enables a member to create a group with a forum. To enable all discussion styles in a group, a member must have Add any community-supported boards set to Grant.
  • Move groups: Move a group to another location in the community structure. A group cannot be moved into another group.
  • Edit groups in Community Settings: Enables a member to edit group info at community admin level.
  • Add any community-supported boards: If granted, members can add any supported boards (Forum, Blog, KB, Ideas, Event) within the group.

At the group node level, Community includes these group permissions:

  • See group: See group nodes
  • Edit group: Edit group node properties
  • Delete group: Delete a group and all its content
  • Add any community-supported boards: If granted, members can add any supported boards (Forum, Blog, KB, and Ideas) within the group.
  • Edit groups in Community Settings permission enables a member to edit group info at community admin level.
  • Send group invitations: Send invitations to join groups.
  • Bypass group invitation flood control: Members with this permission can bypass the flooding control set in place when sending membership invites.

Add members to Group roles

At Group level, Admins can add members to Group roles to perform certain tasks in the Group based on the Group role. Note that members must be a part of the Group to perform these role-based tasks.

To add members to a group role:

  1. From the Account menu, go to Settings > Community Structure.
  2. From the structure, click the name of the Group.
  3. From the Settings page, click Group Permissions.
    The Settings page is displayed with Group Permissions Defaults and Group Roles sections.
  4. Under Group Roles, click any of the roles. For example, Curator.
    The Group permissions page is displayed with default Curator permissions and Members of the role. 
  5. To add members to this role, click Add Members next to the Members section.
  6. In Add Members window, find and add members. Click Save.
     

    Note that you can add up to 10 members at a time.

Permissions for Group role hierarchy

A tab called Group Roles is available under Community Settings > USERS. All the group related roles (Curator, Inviter, Member, and Owner) are available on this tab. These roles are available at the community and category levels.

The roles hierarchy for Groups enables global management of group role permissions. You can change the membership role permissions either at the community level or at the category level. The permissions for the roles cascade down to all the groups within the community or the category, respectively.

Learn more about Group roles hierarchy and how Group role permissions are determined.

Updated 6 months ago
Version 12.0
  • Incredibly disappointed to read that group owner role still cannot be assigned by other group owners... or at least be an option to allow it to be owner assignable.

     

    This is an incredibly frustrating pain point in groups in classic.

    I want internal employees to be able to act as owners within groups, either because it is their job to help group owners or because their team creates the groups and wants multiple members to be able to run them - without assigning them administrator role. It feels like this is an obvious use-case yet, the problem has been transferred to aurora.