In this post, we provide an overview of Vanilla’s role-based permissions system as well as the Ranks feature. Roles let you control what community members can do and what they can see. For example, Roles can be used to restrict access to forum categories, or to limit use of a feature like uploading file attachments to a post.
Upon account creation, there are 6 default Roles in your Vanilla account. Each of the default Roles has the permissions that you would expect from the Role name:
- Guest: Guests are not registered and can view public content. Anyone browsing the site who is not signed in is a "Guest". We recommend leaving the defaults as is; allowing Guests to post will result in your forum being swamped with SPAM.
- Unconfirmed: This Role is given to members who have registered but have not confirmed their email address yet.
- Applicant: Users who have applied for membership but have not yet been accepted. They have the same permissions as guests.
- Member: Members can participate in discussions and access all end user functionality.
- Moderator: Moderators have permission to edit content and use the moderation features.
- Administrator: Administrators have permission to do everything including configuring the account and creating new Roles. If you plan on giving administrative access to others, it’s a good idea to create a Super Admin Role for yourself and scale back some of the permissions on the Admin Role.
It’s possible to edit the default Roles and to create new custom Roles. Here are the permissions that can be given to a Role:
- Delete Activity - Delete an activity from the Activity Page. This permission should only be given to admins and mods.
- View Activity - This allows the user to view the activity on the Activity Page.
- Advanced Notifications - This permission should only be given to mods and admins in small communities. This allows a notification to be sent when a new discussion or comment is posted. Once the community is up and running, the volume of notifications will become overwhelming.
- Manage Applicants - Permission to accept or deny new Applicants.
- Manage Curation - Gives the 'Promote' Reaction. The Promote reaction gives 5 points to the promoted content and displays it on the Best of Page.
- View Email - Members will be able to receive notifications via email.
- Manage Messages - The ability to create messages that appear at the top of pages. These are site wide messages that are created in the Dashboard under Appearance > Messages. This permission should only be given to admins and mods.
- Manage Moderation - Gives access to moderation functionality such as the moderation and SPAM queue.
- View Personal Info - Allows viewing of personal info such as email and IP address on the profile page.
- Edit Profiles - Allows editing of profile page info.
- View Profiles - Allows viewing other members' profile page.
- View Settings - Permission to view account settings in the Dashboard.
- Manage Settings - Only Admins or a custom Super Admin Role should be able to manage Dashboard settings.
- Signin - The permission to log in. Can be used to temporarily prevent a group of users from logging in.
- Approval - If this permission is set, unverified members' posts will have to be approved before they appear (also known as pre-moderation).
- Me Comments - Allows user to post a /me action. (Warning, me actions can break your custom theme.)
- Conversations Moderation - Admins or mods can view and manage private messages between members. This permission also requires a config setting change that can only be done by Vanilla's customer support.
- Attachments Upload/Download - Permission to upload and download files when the file upload plugin is enabled.
- Polls - Permission to create a poll type discussion when the Polls plugin is enabled.
- Edit Signatures - Permission to create and edit a signature when the Signatures plugin is turned on.
- Tagging - Permission to add tags to a discussion when the Tags plugin is enabled.
- Reputation Give Badges - Usually only given to mods and admins, the ability to manually award badges.
Roles can be given different permissions for each category. Category permissions can be set by editing the permissions for each Role or can be edited from the 'Edit Category' page. Category permissions are:
- Add Comments - Add a comment to a discussion.
- Delete Comments - Usually only for admins and mods, delete a comment on a discussion.
- Edit Comments - Usually only for admins and mods, the ability to edit a comment.
- Add Discussions - Permission to create a new discussion thread.
- Announce Discussions - Usually only for admins and mods, mark a discussion as an announcement and make it stick to the top of the discussion list.
- Close Discussions - Close a discussion so that no more comments can be added. Usually only for mods and admins.
- Delete Discussions - Only for mods and admins, delete an entire discussion.
- Edit Discussions - Another mod permission, edit the discussion (the first post of a thread).
- Sink Discussions - Ability to sink a discussion so that it falls down the discussion list even if new comments are added. This is a soft moderation technique to make a thread quietly go away without deleting or closing the discussion.
- View Discussions - This is the permission that allows you to restrict a category to a Role. If a Role cannot view discussions for a given category, the entire Category will be invisible to them, even in the category list.
Q: Can a member have multiple Roles?
A: Yes. A member can have multiple Roles and will have all the permissions given to all assigned Roles.
Q: How can I make a category invisible to certain Roles?
A: When editing a category, select 'This category has custom permissions'. Select or unselect 'View Discussions' for each Role. If a Role cannot view discussions in a category, that category will be completely invisible to members assigned that Role.
Q: Can Roles be set via SSO?
A: Yes, Vanilla's jsConnect can synchronize Roles from your website or app. Roles can be updated on each login.
Q: Can Roles be accessed via the API?
A: A list of Roles and Role permissions can be retrieved. Roles cannot be assigned or edited via the API.
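The rules above (permissions add up across Roles, 'View Discussions' gates category visibility, and some permissions are meant only for admins and mods) can be checked against a Role setup before it goes live. The following is an added example, not Vanilla's code or API: the Role and permission names come from this post, while the data layout, the "Helper" Role, the category names and the function names are constructed for illustration.

```python
# Constructed model of the permission rules described in this post.
# Data layout and function names are hypothetical, not Vanilla's schema.
STAFF = {"Moderator", "Administrator", "Super Admin"}
# Permissions the post restricts, mapped to the Roles it says may hold them.
ALLOWED_HOLDERS = {
    "Delete Activity": STAFF,
    "Manage Messages": STAFF,
    "Delete Discussions": STAFF,
    "Manage Settings": {"Administrator", "Super Admin"},
}
# Constructed sample configuration: permissions granted to each Role.
ROLE_PERMS = {
    "Guest": {"View Activity", "View Profiles"},
    "Member": {"View Activity", "View Profiles", "Signin", "Add Comments"},
    "Helper": {"Signin", "Manage Messages"},            # custom Role
    "Moderator": {"Signin", "Manage Moderation", "Manage Settings"},
}
# Constructed custom category permissions: Roles holding View Discussions.
CATEGORY_VIEW = {
    "General": {"Guest", "Member", "Moderator"},
    "Staff Room": {"Moderator"},
}

def effective_permissions(roles):
    """A member with several Roles has the union of all their permissions."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMS.get(role, set())
    return perms

def visible_categories(roles):
    """Assumes the union rule also applies per category: a category is
    visible when at least one assigned Role has View Discussions on it."""
    return sorted(cat for cat, viewers in CATEGORY_VIEW.items()
                  if viewers & set(roles))

def audit_roles():
    """Return (role, permission) pairs granted outside the recommended holders."""
    return sorted((role, perm)
                  for role, perms in ROLE_PERMS.items()
                  for perm in perms
                  if perm in ALLOWED_HOLDERS and role not in ALLOWED_HOLDERS[perm])

if __name__ == "__main__":
    print("Member + Helper:", sorted(effective_permissions(["Member", "Helper"])))
    print("Member sees:", visible_categories(["Member"]))
    for role, perm in audit_roles():
        print(f"review: Role '{role}' holds '{perm}'")
```

Because permissions add up, the audit has to look at every Role a member can hold, not only the primary one: here a Member who is also given "Helper" gains Manage Messages.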
Ranks is a feature that allows you to publicly recognize a member’s status. Ranks are unrelated to Roles except that it’s possible to make a Role a prerequisite for being awarded a Rank. Ranks can enable functionality not available to members in other Ranks. To keep things clear, we call these ‘abilities’ instead of permissions. For example, the ability to include links in a post or have a signature can be given to more senior members who have proven themselves, have built a reputation and have earned a higher Rank. See this post for more information on Ranks.