Access / Permission Issue for Groups

Kabir

I’ve installed version 1.8.9, and so far, it’s great. However, I couldn’t find solutions to the following requirements, which are very important for me:

User Groups: I want to grant specific access to certain user groups but not all permissions. For example, I’d like to give moderators access to "Invite" and "Tag" settings but restrict them from accessing other areas like Dashboard, Basics, Emails, Appearance, or extensions. Is there a way to achieve this? If there’s an extension available for this, it would be perfect and fulfill my requirements.

Renaming the "Member": I’m unable to rename the default user group "Member." It doesn’t appear in the permissions section where other user groups are listed. I wish there was a way to rename it to something more aligned with my needs.

huseyinfiliz

Kabir

I understand the challenges you're facing, as they are common among many administrators aiming to set up precise permission controls in Flarum. Allow me to provide some insights and suggestions based on my experience:

Default “Member” Group
The “Member” group is a default system group in Flarum, and its name or behavior cannot be changed directly through the interface. It serves as a general group for all registered users. However, to implement more flexible group management, I’ve employed the following setup:

Custom Groups:
I created two custom groups:

"New Members" for newly registered users.

"Registered Members" for verified users who have participated in the forum at least once.

Auto Moderation Workflow:
I used the Auto Moderator extension to streamline group transitions:

Initially, all new users are placed in the "New Members" group. Their first post or topic is subject to moderation approval.

Once their first post or topic is approved, the Auto Moderator automatically moves them to the “Registered Members” group.

This setup ensures new users go through an onboarding phase while giving active participants additional privileges.

Granular Permissions for Moderators
Unfortunately, Flarum doesn’t natively support advanced role-based access control (RBAC) like moderators don't access to only specific admin panel sections. (e.g., “Invite” or “Tag” settings).

This response is based solely on user experience and does not contain definitive answers.

clarkwinkelmann

The admin panel is only accessible to super admins, who will always have access to all features in the admin panel. If extensions want to offer features for less privileged groups, they need to place those features in the "forum" frontend and offer a permission to control who can access it. The way Flarum was designed, it would be almost impossible to scope features in the admin panel. The feature must be placed elsewhere by the extension.

By its very concept, it would be very delicate to give access to the tags management to non-admins, as tags are part of the permission system, and a moderator could do as much damage as if they were a full blown admin.

If you want to create super admins but not show them as such on the forum, you can choose to make the default admin group invisible, then create cosmetic groups for your different admins that will be visible on the forum.

For the Members name, I saw this question was already asked and answered in a different thread. Since "Members" is a virtual group, its name should not really be visible anywhere except in the admin panel settings. You can use the Linguist extension to rename the group in the admin panel if you really want to.

Kabir

@clarkwinkelmann & @huseyinfiliz thank you for the detail reply.

But from my experience with other forum cms, I felt permission RBAC is a basic and important feature. I am not sure about the technical difficulties behind this feature. But I need this. I cant give full admin access also I cant stop giving access to tags and invite code or some other basic option to mod or any other user group. I am in tough situation to make a decision for this issue. Hope there is a way around this even if its involve with custom code or paid extension.

huseyinfiliz

Kabir Based on your example, the extension providing the invite feature could add an option to allow specific groups to manage it from the forum frontend.

Kabir

huseyinfiliz Instead of working with every plugin, I think a default feature that allows administrators to control how much access they want to give or which extension to use would be much easier. Anyway, thank you for your time. Take care and love!