Two of the most important aspects of your Higher Logic Vanilla (Vanilla) community are Roles and permissions:
- Roles are like high-level categories in which your users are grouped.
- Each Role can be customized with a unique set of permissions to control what users with that Role can see and do in your community.
📝 NOTE: Every user must be assigned at least one Role.
✔️ TIP: There are two important times to review your Roles and permissions: Prior to launching your Vanilla community, and when updating your community's settings.
Access your Roles and permissions
1. Access the Dashboard.
2. Navigate to Settings > Membership > Roles and Permissions.
On this page, you can:
- View your existing Roles
- Create Roles
- Edit and delete Roles
Additionally, click the Advanced Settings button to enable Private Communities and control what permission level is required to expand the SSO ID permission via the API.
Note for customers with a pending migration
During your test and final migrations, your current users and Roles will be imported into your production site.
Because Vanilla has its own feature set and will likely vary from your previous provider, you'll need to adjust the Roles and permissions. A best practice is to analyze and note these during the test migration, as they will be wiped out during the final migration and will need to be re-applied after the final migration. If you're unsure, contact your implementation project manager.
Notes for customers using SSO
When using SSO, you can choose to pass Roles (or not). To learn more, see:
Six default Roles are available:
What Roles you use will depend on your registration settings, where you are in the community lifecycle, and if you plan to use SSO.
📝 NOTE: If you're migrating from another platform, plan to use SSO, have a private community, or have a highly customized setup, your Roles may vary from those listed above.
This is a special Role that represents non-logged in users in Vanilla. You can use this role to restrict what logged out users see when viewing your community.
📝 NOTE: Because Vanilla does not allow anonymous posting, this role cannot be given other permissions.
If you don't want Guests to be able to see your community (i.e., must be logged in to view), you can also enable Private Communities. If you set your community to private, only registered members will be able to view and post. If a user who is not logged accesses the community, they will see a login page (or be redirected to an SSO sign-in, if applicable).
Since search engines and their crawling bots are essentially Guest viewers, it’s important to understand that only content Guests are allowed to see will be indexed and appear in public search results (e.g., google, bing, etc.). If you set your community to private, or restrict view permissions for the Guest role, your community may not be indexed at all.
If your community is using Vanilla-based registration (i.e., not SSO) and requires users to confirm their email, this Role will be given to users who have registered but have not yet confirmed their email address.
If your community is using Vanilla-based registration (i.e., not SSO), and have the Approval method of registration enabled, this Role will be given to users who have applied for membership but have not yet been accepted by an admin or mod. By default, these users have the same permissions as Guests.
Members can participate in discussions and access all end-user functionality.
Moderators have permission to edit content and use the moderation features.
Your Moderators manage day-to-day life in your Vanilla community; they typically have permission to edit and curate content, review spam and moderation issues, and manage user accounts.
Administrators have permission to do just about everything, including configuring your Vanilla account and creating Roles. Your Administrators are responsible for setting up your community, including creating accounts, configuring addons, managing Categories, and managing Themes.
In addition to the six default Roles just discussed, the Account Owner Role is a special Role reserved for the main community administrator of your team.
- This Role does not show in the Dashboard
- It is set up by Vanilla
- Think of this Role as a super admin
✔️ TIP: DO NOT use this Role for permissions testing; it will supersede the assigned Roles and Permissions settings.
Automatic Role assignment
You can automatically assign Roles to your users in two ways:
- Via the Automatic Role Assignment feature
- Via email domains
Check out the article below to learn how to do both.
Delete a Role
1. Click the trashcan icon to its right.
2. In the resulting dialog, you'll be notified how many users will be affected by this deletion, and have the opportunity to move them to a different Role. If users have multiple Roles, this may not be necessary; however, if the Role being deleted is a user's only Role, it's important to give them a replacement Role granting member access or they will not be able to log in to your Vanilla community.
Why can’t I delete some Roles?
A few default Roles are needed for the infrastructure of certain community features and cannot be deleted: Guest, Unconfirmed and Applicant.
Edit a Role
1. Click the pencil icon to its right.
2. On the resulting page, you can update basic Role details, like its name, description, and Default Type, as well as its permissions (more on permissions below).
Personal Info option
A user's email address and IP address are considered "personal info," and are only visible to users with the
Garden > Personal Info > View permission.
If you toggle the Personal Info option for a Role, it also becomes "personal info," essentially making it a "hidden" Role only visible to those with the same permission.
Personal info on a user profile
In this section, we'll take a high-level look at the available permissions you can assign to a Role. When updating permissions, be sure to click Save at the bottom of the page to apply them.
📝 NOTE: Permissions are grouped into various categories (e.g., Garden, Reputation, etc.). Certain permissions are associated with optional addons and integrations. If some of these permissions are not available to you, verify the associated addon or integration is enabled, or contact your CSM or Support.
The Garden section governs some of the most important permissions in Vanilla, and should be carefully reviewed for all Roles. Each permission is discussed below.
- View - Users can view the activity on the Activity Page.
- Delete - Users can delete any activity (regardless of author) on the Activity Page.
- Allow - This permission is now deprecated since the introduction of our category following feature.
- Manage - Gives users who have the “View Settings” (but not “Manage Settings”) permission access to: Banner settings, Category settings, and Reaction settings.
Enabling the "Manage Curation" permission provides the following benefits:
- Gives access to the Promote Reaction. The Promote reaction gives five points to the promoted content and displays it on the Best of Page. (Read more)
- Gives additional weighting to SPAM or Abuse reactions. When reacting with the SPAM and Abuse reactions, this will set the user’s reaction to have a weight of five points rather than the default one point per reaction. (Read more)
- Gives users the ability to mark answers as rejected/accepted. (Read more)
- Gives users the ability to change a discussion to a question when the Q&A addon is enabled.
📝 NOTE: This is typically a default permission for the Moderator Role.
- View - Users can receive notifications via email. This does not reveal the email addresses of other users in the role. Typically, this should only be disabled for Roles that should not receive email notifications of any kind (including password reset emails, etc.).
- Manage - Allows users to export CSVs of community data, as described here.
- View - Provides the ability to view email, IP, and any additional profile fields marked as "internal info."
Enabling the "Manage Moderation" permission provides the following benefits:
- Gives access to the Moderation queue. (Read more)
- Gives access to the SPAM queue. (Read more)
- Gives access to the Change Log.
- Gives permission to change the status of an idea when Ideation is enabled. (Read more)
- Gives permission to approve Role Applications. (Read more)
- Gives permission to Move and Merge posts. (Read more)
📝 NOTE: This is typically a default permission for the Moderator Role, and is what identifies a user as a Moderator.
- Allow - Hides Pockets labeled as ads. (Read more)
- View - Users can view personal info on a user's profile, such as Email, Register IP, and Last IP on the profile page. For security reasons, we strongly recommend only giving this Permission to admins and trusted moderators.
- Edit - Users can edit their own profile picture.
- Edit - Users can edit their own profile. Does not grant the ability to edit other user's profiles.
- View - Users can view the profiles of other users.
- View - When viewing a post in your community, users can hover over a Reaction to see who reacted (the reacting user's username is displayed in the hover popup). NOTE: This is typically a default permission for the Moderator Role
📝 NOTE: This Role permission gives you granular control over who can see who reacted to posts. On the Dashboard > Settings > Discussions > Reactions page, you can also click the Settings icon to apply a global rule for viewing Reactions (options are: In a Popup, As avatars, or Don't show). This allows you to, for example, use the global rule to turn off this feature and use the Role permission to only give this ability to specific Roles.
- View - Users can view account settings in the Dashboard. This permission, along with the "Manage Community" and "Manage Moderation" permissions, are required to have access to the Dashboard. 📝 NOTE: This is typically a default permission for the Moderator Role.
- Manage - Grants full access to all functionality in the Dashboard. This is an Admin only permission. This permission is typically what identifies a user as an administrator.
- Allow - Enables users to log in to your Vanilla community. Generally speaking, this should be enabled but it can be used to temporarily prevent a group of users from logging in.
- Allow - For certain integrations, like Zendesk and Salesforce, this allows staff to access the plugin functionality without gaining Vanilla community moderation tools.
- Add - For use with API v2. Allows users to generate personal API tokens via their profile. The tokens’ permissions will be reflective of the permissions of the user who generated the token. (Read more)
- Add - Users can upload attachments when using the Rich editor. (Read more)
- Edit - Users can edit their usernames from their profile. (Read more)
- Add - Allows moderators and admins to manually create users on the User page in the Moderation section of the Dashboard (read more), as well as to create users via the API using their API token.
- Approve - Allows moderators and admins to approve users’ requests for membership, if using the Approval registration method.
- Delete - Allows moderators and admins to delete members from the User page in the Moderation section of the Dashboard, and delete users via the API using their API token. (Read more)
- Edit - Allows moderators and admins to edit user info in the Dashboard, on frontend user profiles, and via the API using their API token.
- Require - If this permission is set, unverified members’ posts will have to be approved from the moderation queue before they are posted on the community (also known as pre-moderation). (Read more)
- Me - This permission has been deprecated and no longer functions.
- Closeown - Users can close their own discussions. (Read more)
- Add - If the Tagging addon is enabled, this permission allows users to create Tags. Note that if tagging is enabled, all users can add existing tags to discussions; this permission is to allow new tags to be created.
Conversations are private messages sent between users. This feature lets users continue conversations outside of discussions, interact with moderators and administrators, and privately share information between each other. (Read more)
- Add - Allows for new private conversations to be initiated. Removing this from users will still allow them to receive messages from those with the permission, they simply will not be able to initiate conversations. Note that admins and moderators need this permission in order to use the Warnings & Notes addon.
- Manage - Enables admins and moderators to view and manage private messages between users. Note that this permission is not recommended. If an appropriate use-case arises, a config setting change must be requested through your CSM or Support.
- Allow - Users can upload files when using a legacy editor (i.e., any editor other than the Rich editor).
- Manage - Grants access to the Pockets addon, if enabled. (Read more)
- Add - Permission to create a poll-type discussion when the Polls plugin is enabled. (Read more)
- Edit - Users can create and edit a signature when the Signatures plugin is enabled. (Read more)
📝 NOTE: These permissions are only available if the Reactions addon is enabled.
- Add - Users can apply the “Spam” and “Abuse” Reactions. If enough of these occur, the post will be hidden for review (read more). In addition, it allows users to report posts. (Read more)
- Add - Users can apply the “Dislike,” “Downvote,” “Off Topic,” and “WTF” Reactions. Negative Reactions are inactive by default. (Read more)
📝 NOTE: These permissions are only available if the Badges addon is enabled.
- Give - Enables admins to manually award badges from a users profile or from the badges page, as well as to approve badge requests. This also governs the ability to give badges via the API using their API token. (Read more)
- Manage - Enables the ability to create and manage badges in the Dashboard. (Read more)
- Request - Users can request a badge from the badge request page. This action sends the request to the badge request queue. (Read more)
- View - Ability to see badges on profiles. (Read more)
📝 NOTE: These permissions are only available if the Knowledge addon is enabled.
- Add - Users can add articles to your knowledge base. (Read more)
- Manage - Users can manage your knowledge base articles.
- Manage - Allows the user to create, edit, and copy existing dashboards.
- View - Allows the user to view out-of-the-box analytics dashboards that others have created.
📝 NOTE: These permissions are only available if the VanillaPop addon is enabled.
- Add - When using VanillaPop, grants ability to comment by email.
- Add - When using VanillaPop, grants ability to add private messages by email.
- Add - When using VanillaPop, grants ability to add discussions by email.
📝 NOTE: These permissions are only available if the Groups and Events addon is enabled.
- Add - By default, group owners, leaders, and managers can invite users to join Groups by searching and selecting registered usernames. This permission these users to also be able to invite users to join groups via email addresses. (Read more)
- Add - Grants the ability to create new groups. (Read more)
- Manage - Grants the ability to moderate groups, even if not a group member. (Read more)
- Allow - If your community is using the Avatar Pool addon, and a user has the ability to access the dashboard, this allows them to add additional images to the Avatar Pool images available to end users.
Default Category Permissions
These permissions apply to any categories that do not have "custom permissions" enabled. To enable custom permissions for a category, edit the category in question and toggle the This category has custom permissions option. (Read more)
Check out the article below to learn more:
- Add - Users can add comments in a category. This permission is also required for users to vote on polls.
- Delete - Allows admins and moderators to delete comments in a category. (Read more)
- Edit - Allows admins and moderators to edit comments in a category. (Read more)
- Add - Users can add discussions in a category.
- Announce - Users can announce a discussion (sometimes called "pinning") in the category. (Read more)
- Close - Allows admins and moderators to close a discussion in the category, preventing new comments from being added. Note that admins and moderators will still be able to comment. If you would like users to be able to close their own discussions, use the Vanilla > Closeown discussions permission instead. (Read more)
- Delete - Allows admins and moderators to delete discussions in a category. (Read more)
- Edit - Allows admins and moderators to edit discussions in a category. (Read more)
- Sink - Allows admins and moderators to sink discussions in a category. When you sink a discussion, it won't be brought to the top of the discussion list when new comments are added. This feature is typically used to de-emphasize a discussion and keep it off the recent discussion lists in a more subtle way than simply closing it. (Read more)
- View - Users can view discussions and their associated comments in the category.
Special Considerations for Infrastructure Categories
- Member-type users should typically be allowed to create reports, but not see them.
- In order to report a discussion, members need the "add comment" permission in the Reported Posts category but should have no other permissions in this category.
- The Social Groups category is an infrastructure-only category associated with the Groups addon; it is not meant to be viewed by end users.
- All users should only have the permission to add discussions and comments, not view.
- If users have the permission to view this category, they will see posts from all groups, including private and secret or if they belong to them.
- Allowing users to view this category will create unexpected behavior and is strongly discouraged.
Theming and visual considerations
- The Role of a user is typically only visible in posts if the Role Titles addon is enabled; otherwise, it's shown on user profiles.
- The description is only visible to admins and moderators.
- If you would like to hide a Role from user profiles (or from the Role Titles addon), check the This Role is Personal Info box. This way, only users with permission to view personal info will see it.
Click the link below to access a video expanding on what you learned in this article.