Showing results for 
Show  only  | Search instead for 
Did you mean: 

Default Permissions - ALLOW or DENY by default?

Hi.  We're beginning to set up permissions for Beta users (the first external users we'll bring on) and I'm getting uneasy about our current permission setup. Advice would be appreciated.

Screenshot 2022-12-08 at 11.08.51 PM.png


To be clear:  As it stands today, ALL USERS MUST BE REGISTERED (via SSO) TO READ/WRITE.  While I'm not sure how that's configured, apparently the default permissions have nothing to do with it. 

Reason for proposed change:

What if we were to spin up a new role in the future, like "StrategicPartner" and forget to set up the community disallowance?  Processes should help prevent this, but Default = Allow just seems reckless.

How would you set it up?  Is there anything else I need to consider?  Now's the time  to tweak it before we get deep.  Are there any benefits of keeping it the way it is now?   What would you do?

2 Replies 2

I would say that if the majority of your current and future audience should not have read/post at Community level then I'd agree the Default user role should have this set to Deny. Then when you set up a new role that has an increased privilege above default then you can change this as part of the new role. So those are exceptions to the default rather than setting up the deny for every new role you add different to the default. 

For reference, our default role is set to a regular average trusted member. We only have 2 roles which are more restrictive. Sounds like your default is more restrictive with permissions above that being granted by certain roles. 

Senior Community Manager | Strava

Hello @keithkelly 

The general best practice is to set permissions to deny by default and use roles to grant access at whatever level/area of the community.

Also, permissions are complex so I suggest you sign up for Communities Product Coaching with our expert. 

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.