Skip to main content

I saw these toggles and thought this could solve our problem of not being able to grant moderation privileges to a superuser without them having access to PII (community member email addresses). 

So I tested it by creating a test account and granting the tester the primary role of “moderator” and a custom role where only “forum moderation” is toggled on.

While my view in control was restricted, I was still able to view community members’ email addresses. 

 

Is this expected behavior? Why can I see user information when that option is toggled off? Is there any configuration I could set up to allow a community member access to forum moderation only? (Moving posts, merging threads, removing/adding tags, etc.)

Hi,

thanks for sharing your question here!

You were right with your assumption that this custom user role will give a user access to the forum moderation, but not to other pages such as the user profile pages.

What you did wrong with your test account was that you also gave the primary role of a Moderator, as this also will grant access to user profiles etc.

If I were you, I would leave the primary role this user as it is (probably Registered User or Superuser), and then only assing a custom user role with this special permission on top. This is everything that user will see after the login, I just tested it to be sure:

 

 

Note that, if your community is using an SSO login, this user will have to define a new password for the Control environment, as we do not have an SSO login in place there. Ideally, this user can use the “forgot password”-feature in the Control environment login page to define a new password. However I heard that sometimes this feature does not work - let me know if this is the case for you as well, then I can assist.

For a complete overview of custom roles and primary roles, I can recommend this FAQ:

Hope this helps!


What you did wrong with your test account was that you also gave the primary role of a Moderator, as this also will grant access to user profiles etc.

 

Hi @Julian, thanks for the detailed response. My first attempt was to set this up so that the primary role was superuser and not moderator. But when doing this, I was unable to access the control environment. As soon as I switched the role to moderator, I was able to access it (I had changed nothing else).

I can test it again but I’m wondering if it’s set up so that only moderators & above have access to control?


The role superuser itself will not give access to the control environment, as there is not a single page that the user would be able to see. For all regular users (e.g. Registered user, Superuser) it ist just possible in combination with a custom role, if it has one of these boxes ticked which enables access to the control environment. Community team roles (Moderator, Community Manager, Administrator) are the only ones which have default access to the control environment. So my guess would be that you changed the role to superuser but did not activate that custom role when you tested it.

 

In a way, it works a bit like permissions to see categories in the front-end: Once the platform knows your permissions allow you to see one or more pages (here the forum overview), you will be able to access it. Only being a superuser will not give you rights to view any page within the control environment, hence the login fails.


Reply