Jump to content

Manual:$wgGroupPermissions

From mediawiki.org
User rights, access control and monitoring: $wgGroupPermissions
Use this to set access rights for groups and users in these groups.
Introduced in version:1.5.0 (r9367)
Removed in version:Still in use
Allowed values:(Complex array of boolean values.)
Default value:See below.

Details

$wgGroupPermissions is a two-dimensional array indexed by user group and available permissions. The value can be either true to grant the permission or false if it should not be granted.

Those permissions, which are granted with $wgGroupPermissions, are always cumulative. If a user is member of different groups, then the user will get a right if it is granted to at least one of these groups even if it is not granted to their other groups. In other words, If one of the user's groups has a right, then it is not possible to take the right away using $wgGroupPermissions. Instead use $wgRevokePermissions to revoke permissions to a grant.

When updating $wgGroupPermissions and you are using OAuth or bot passwords for external systems, you should also make corresponding updates to $wgGrantPermissions .

Example

$wgGroupPermissions['user']['edit'] = true;

This gives all registered users the ability to edit pages.

Custom user groups

You can also define your own user groups. User group names can be no longer than 255 characters.[1] The groups, which have been defined either in the default settings or in LocalSettings.php , can be assigned to users through the wiki Special:Userrights interface.

Example

# Start with assigning the default permissions from group "autoconfirmed"
$wgGroupPermissions['trustworthy'] = $wgGroupPermissions['autoconfirmed'];
# Add the permissions from group "bot"
$wgGroupPermissions['trustworthy'] = array_merge(
    $wgGroupPermissions['trustworthy'],
    $wgGroupPermissions['bot']
);
# Now modify these rights:
$wgGroupPermissions['trustworthy']['delete'] = true;
$wgGroupPermissions['trustworthy']['protect'] = true;
$wgGroupPermissions['trustworthy']['patrol'] = true;

This creates a group called "trustworthy".

Now add human readable names for your newly created group to the wiki for the "trustworthy" group, e.g. on page "MediaWiki:Group-trustworthy" in plural "Trustworthy editors" and on page "MediaWiki:Group-trustworthy-member" in singular "Trustworthy editor". This is an optional but recommended step.

Users of that group have the same permissions as users from the groups "autoconfirmed" and "bot". Additionally, they will be able to delete and protect pages, and to patrol edits.

For in-depth documentation, see Manual:User rights .

Warning Warning: Functionality to make specific pages inaccessible has not been extensively tested for security. Use at your own risk!


Default values

Default values vary from version to version. You may find the one which apply to your mediawiki setup in MainConfigSchema.php . For more info visit Manual:User rights .


Use by extensions

Some extensions, such as RenameUser or CheckUser , add new rights which can be configured and assigned in the same manner.

Examples

Since REL 1.25, you can do the following in extension.json :

MediaWiki version:
1.25
Gerrit change 166705

Assigning a new permission to an existing group

	"GroupPermissions": {
		"user": {
			"edit": true
		}
	},

Adding a new group

	"GroupPermissions": {
		"trustworthy": {
			"delete": true,
			"protect": true,
			"patrol": true
		}
	},


See also

Footnotes

  1. See length of column ug_group in the user_groups table.