Manual:$wgGroupPermissions
User rights, access control and monitoring: $wgGroupPermissions | |
---|---|
Use this to set access rights for groups and users in these groups. |
|
Introduced in version: | 1.5.0 (r9367) |
Removed in version: | Still in use |
Allowed values: | (Complex array of boolean values.) |
Default value: | See below. |
Other settings: Alphabetical | By function |
Details
$wgGroupPermissions is a two-dimensional array indexed by user group and available permissions.
The value can be either true
to grant the permission or false
if it should not be granted.
Those permissions, which are granted with $wgGroupPermissions, are always cumulative.
If a user is member of different groups, then the user will get a right if it is granted to at least one of these groups even if it is not granted to their other groups.
In other words, If one of the user's groups has a right, then it is not possible to take the right away using $wgGroupPermissions
.
Instead use $wgRevokePermissions to revoke permissions to a grant.
When updating $wgGroupPermissions and you are using OAuth or bot passwords for external systems, you should also make corresponding updates to $wgGrantPermissions .
Example
$wgGroupPermissions['user']['edit'] = true;
This gives all registered users the ability to edit pages.
Custom user groups
You can also define your own user groups. User group names can be no longer than 255 characters.[1] The groups, which have been defined either in the default settings or in LocalSettings.php , can be assigned to users through the wiki Special:Userrights interface.
Example
# Start with assigning the default permissions from group "autoconfirmed"
$wgGroupPermissions['trustworthy'] = $wgGroupPermissions['autoconfirmed'];
# Add the permissions from group "bot"
$wgGroupPermissions['trustworthy'] = array_merge(
$wgGroupPermissions['trustworthy'],
$wgGroupPermissions['bot']
);
# Now modify these rights:
$wgGroupPermissions['trustworthy']['delete'] = true;
$wgGroupPermissions['trustworthy']['protect'] = true;
$wgGroupPermissions['trustworthy']['patrol'] = true;
This creates a group called "trustworthy".
Now add human readable names for your newly created group to the wiki for the "trustworthy" group, e.g. on page "MediaWiki:Group-trustworthy" in plural "Trustworthy editors" and on page "MediaWiki:Group-trustworthy-member" in singular "Trustworthy editor". This is an optional but recommended step.
Users of that group have the same permissions as users from the groups "autoconfirmed" and "bot". Additionally, they will be able to delete and protect pages, and to patrol edits.
For in-depth documentation, see Manual:User rights .
Default values
Default values vary from version to version. You may find the one which apply to your mediawiki setup in MainConfigSchema.php . For more info visit Manual:User rights .
Use by extensions
Some extensions, such as RenameUser or CheckUser , add new rights which can be configured and assigned in the same manner.
Examples
Since REL 1.25, you can do the following in extension.json
:
MediaWiki version: | ≥ 1.25 Gerrit change 166705 |
Assigning a new permission to an existing group
"GroupPermissions": {
"user": {
"edit": true
}
},
Adding a new group
"GroupPermissions": {
"trustworthy": {
"delete": true,
"protect": true,
"patrol": true
}
},
See also
Footnotes
- ↑
See length of column
ug_group
in the user_groups table.