Roles & Permissions

Two of the most important aspects of your Higher Logic Vanilla (Vanilla) community are Roles and Permissions:

Roles are like high-level categories into which your users are grouped.
Each Role can be customized with a unique set of Permissions to control what users with that Role can see and do in your community.

📝 NOTE: Every user must be assigned at least one Role.

✔️ TIP: There are two important times to review your Roles and Permissions: Prior to launching your Vanilla community and when updating your community's settings.

Access your Roles and permissions

1. Access the Dashboard.

2. Navigate to Settings > Membership > Roles & Permissions.

On this page, you can:

View your existing Roles
Create Roles
Edit and delete Roles

Additionally, click the settings button to open the Advanced Settings dialog to enable Private Communities and control what permission level is required to expand the SSO ID permission via the API.

Note for customers with a pending migration

During your test and final migrations, your current users and Roles will be imported into your production site.

Because Vanilla has its own feature set and will likely vary from your previous provider, you'll need to adjust the Roles and permissions. A best practice is to analyze and note these during the test migration, as they will be wiped out during the final migration and will need to be re-applied after the final migration. If you're unsure, contact your implementation project manager.

Notes for customers using SSO

When using SSO, you can choose whether to pass Roles. To learn more, see:

https://success.vanillaforums.com/kb/articles/179-managing-roles-with-sso

Roles in Vanilla

Every Vanilla community has the following Roles available:

Guest
Unconfirmed
Applicant
Member
Moderator
Administrator

The Roles you use will depend on:

your registration settings,
where you are in the community lifecycle, and
whether you plan to use SSO.

📝 NOTE: Your Roles may vary from those listed above if you: are migrating from another platform; plan to use SSO; have a private community; or have a highly customized setup.

Guest

This is a special Role that represents non-logged in users in Vanilla. You can use this role to restrict what logged out users see when viewing your community.

📝 NOTE: Because Vanilla does not allow anonymous posting, this role cannot be given other permissions.

If you don't want Guests to be able to see your community (i.e., must be logged in to view), you can also enable Private Communities. If you set your community to private, only registered members will be able to view and post. If a user who is not logged accesses the community, they will see a login page (or be redirected to an SSO sign-in, if applicable).

Since search engines and their crawling bots are essentially Guest viewers, it’s important to understand that only content Guests are allowed to see will be indexed and appear in public search results (e.g., google, bing, etc.). If you set your community to private, or restrict view permissions for the Guest role, your community may not be indexed at all.

Unconfirmed

If your community is using Vanilla-based registration (i.e., not SSO) and requires users to confirm their email addresses, this Role will be given to users who have registered but have not yet confirmed their email address.

Applicant

If your community is using Vanilla-based registration (i.e., not SSO), and have the Approval method of registration enabled, this Role will be given to users who have applied for membership but have not yet been accepted by an admin or mod. By default, these users have the same permissions as Guests.

Member

Members can participate in discussions and access all end-user functionality.

Moderator

Moderators have permission to edit content and use the moderation features.

Your Moderators manage day-to-day life in your Vanilla community; they typically have permission to edit and curate content, review spam and moderation issues, and manage user accounts.

Administrator

Administrators can do just about everything, including configuring your Vanilla account and creating Roles. Your Administrators are responsible for setting up your community, creating accounts, configuring addons, managing Categories, and managing Themes.

Account Owner

In addition to the six default Roles just discussed, the Account Owner Role is a special Role reserved for the main community administrator of your team.

This Role does not show in the Dashboard
It is set up by Vanilla
Think of this Role as a super admin

✔️ TIP: Do not use this Role for permissions testing; it will supersede the assigned Roles and Permissions settings.

Automatic Role assignment

You can automatically assign Roles to your users in two ways:

Via the Automatic Role Assignment feature
Via email domains

Check out the article below to learn how to do both.

https://success.vanillaforums.com/kb/articles/90

Delete a Role

1. Click the trashcan icon to its right.

The resulting dialog indicates how many users will be affected by this deletion; you can move users to a different Role to maintain their community access.

If a user has multiple Roles, this may not be necessary.
If the Role being deleted is a user's only Role, you must give the user a replacement Role that grants member access in order to ensure that the user can continue to access your community.

Roles that you cannot delete

The Guest, Unconfirmed, and Applicant default Roles are necessary for the infrastructure of some community features; therefore, these cannot be deleted.

Edit a Role

1. Click the pencil icon to the right of a Role.

2. On the resulting page, you can update basic Role details, like its name, description, and Default Type, as well as its permissions (more on permissions below).

Personal Info option

A user's email address and IP address are considered "personal info," and are only visible to users with the Garden > Personal Info > View permission.

If you toggle the Personal Info option for a Role, it also becomes "personal info," essentially making it a "hidden" Role only visible to those with the same permission.

Personal info on a user profile

Pre-moderating a Role

Do you want to automatically moderate all content contributed by users belonging to a specific Role?

If so, enable the Vanilla > Approval > Require permission for a Role.

When this permission is set, posts from users in the Role are placed in the Moderation Queue and have to be approved before they are posted on the community.

Permissions

This section looks at the permissions that you can assign to a Role. After updating permissions, be sure to click Save at the bottom of the page to apply your changes.

📝 NOTE: Permissions are grouped into categories (e.g., Garden, Reputation). Certain permissions are associated with optional addons and integrations. If some of these permissions are not available to you: verify whether the associated addon or integration is enabled, contact your CSM, or contact Vanilla Support.

✅ TIP: You can easily select all permissions in a category by clicking the category name. Click the category name again to deselect all permissions.

Garden

The Garden section governs some of the most important permissions in Vanilla, and should be carefully reviewed for all Roles. Each permission is discussed below.

Activity

View - Users can view the activity on the Activity Page.
Delete - Users can delete any activity (regardless of author) on the Activity Page.

Advanced Notifications

Allow - This permission is now deprecated since the introduction of our category following feature.

Community

Enable the "Manage Community" permission to:

Give users who have the “View Settings” (but not “Manage Settings”) permission access to: Banner settings, Category settings, and Reaction settings.
Give users the ability to accept and reject users' Answers to Questions. (Read more)

Curation

Enabling the "Manage Curation" permission provides the following benefits:

Gives access to the Promote Reaction. The Promote reaction gives five points to the promoted content and displays it on the Best of Page. (Read more)
Gives additional weighting to SPAM or Abuse reactions. When reacting with the SPAM and Abuse reactions, this will set the user’s reaction to have a weight of five points rather than the default one point per reaction. (Read more)
Gives users the ability to mark answers as rejected/accepted. (Read more)
Gives users the ability to change a discussion to a question when the Q&A addon is enabled.

📝 NOTE: This is typically a default permission for the Moderator Role.

Email

View - Users can receive notifications via email. This does not reveal the email addresses of other users in the role. Typically, this should only be disabled for Roles that should not receive email notifications of any kind (including password reset emails, etc.).

Exports

Manage - Allows users to export CSV files of community data, as described here.

Internal Info

View - Provides the ability to view email, IP, and any additional profile fields marked as "internal info."

Moderation

Enabling the "Manage Moderation" permission provides the following benefits:

Gives access to the Moderation queue. (Read more)
Gives access to the SPAM queue. (Read more)
Gives access to the Change Log.
Gives permission to change the status of an idea when Ideation is enabled. (Read more)
Gives permission to approve Role Applications. (Read more)
Gives permission to Move and Merge posts. (Read more)

📝 NOTE: This is typically a default permission for the Moderator Role, and is what identifies a user as a Moderator.

No Ads

Allow - Hides Pockets that are labeled as ads. (Read more)

Personal Info

View - Users can view personal info on a user's profile, such as Email, Register IP, and Last IP on the profile page. For security reasons, we strongly recommend only giving this Permission to admins and trusted moderators.

Profile Picture

Edit - Users can edit their own profile picture.

Profiles

Edit - Users can edit their own profile. Does not grant the ability to edit other user's profiles.
View - Users can view the profiles of other users.

Reactions

View - When viewing a post in your community, users can hover on a Reaction to see who has reacted (the reacting user's username is displayed in the hover popup). 📝 NOTE: This is typically a default permission for the Moderator Role.

📝 NOTE: This permission gives you granular control over who can see who reacted to posts. On the Dashboard > Settings > Discussions > Reactions page, you can also click the settings icon to apply a global rule for viewing Reactions (options are: In a Popup, As avatars, and Don't show). This allows you to, for example, use the global rule to turn off this feature and use the Role permission to only give this ability to specific Roles.

Settings

View - Users can view account settings in the Dashboard. This permission, along with the "Manage Community" and "Manage Moderation" permissions, are required to have access to the Dashboard. 📝 NOTE: This is typically a default permission for the Moderator Role.
Manage - Grants full access to all functionality in the Dashboard. This is an Admin-only permission. This permission is typically what identifies a user as an Administrator.

Sign In

Allow - Enables users to log in to your Vanilla community. Generally, this should be enabled but it can be used to temporarily prevent a group of users from logging in.

Staff

Allow - For some integrations (e.g., Zendesk and Salesforce), this allows staff users to access the plugin functionality without gaining Vanilla community moderation tools.

Tokens

Add - For use with API v2. Allows users to generate personal API tokens via their profile. The tokens’ permissions will be reflective of the permissions of the user who generated the token. (Read more)

Uploads

Add - Users can upload attachments when using the Rich editor. (Read more)

Username

Edit - Users can edit their usernames in their profiles. (Read more)

Users

Add - Admins and Moderators can manually create users on the User page in the Moderation section of the Dashboard (read more), as well as to create users via the API using their API token.
Approve - Admins and Moderators can approve users’ requests for membership, if using the Approval registration method.
Delete - Admins and Moderators can delete members from the User page in the Moderation section of the Dashboard, and delete users via the API using their API token. (Read more)
Edit - Admins and Moderators can edit user info in the Dashboard, on frontend user profiles, and via the API using their API token.

Zendesk Basic Ticket

View - Allows users to: i) see (on other users' posts) that there's a Zendesk ticket for that post and ii) view a Basic version of the ticket. (See Manage the Zendesk Addon)

Zendesk Create Article

Allow - Authorized users can create articles (in your associated Zendesk Guide account) right from a post, using that post as the basis of the article. (See Manage the Zendesk Addon)

Zendesk Escalate Own Content

Allow - Users can escalate their own questions to your Zendesk support center as a ticket, after the specified "delay" has passed. (See Manage the Zendesk Addon)

Vanilla

Approval

Require - If this permission is set, unverified members’ posts will have to be approved from the moderation queue before they are posted on the community (also known as pre-moderation). (Read more)

Comments

Me - This permission has been deprecated and no longer functions.

Discussions

Closeown - Users can close their own discussions. (Read more)

Tagging

Add - If the Tagging addon is enabled, this permission allows users to create Tags. Note that if tagging is enabled, all users can add existing tags to discussions; this permission is to allow new tags to be created.

Conversations

Conversations are private messages sent between users. This feature lets users continue conversations outside of discussions, interact with moderators and administrators, and privately share information between each other. (Read more)

Add Conversations

Add - Allows for new private conversations to be initiated. Removing this from users will still allow them to receive messages from those with the permission, they simply will not be able to initiate conversations. Note that admins and moderators need this permission in order to use the Warnings & Notes addon.

Moderation

Manage - Admins and Moderators can view and manage private messages between users. Note that this permission is not recommended. If an appropriate use-case arises, a config setting change must be requested through your CSM or Support.

Plugins

Attachments Upload

Allow - Users can upload files when using a legacy editor (i.e., any editor other than the Rich editor).

Pockets

Manage - Grants access to the Pockets addon, if enabled. (Read more)

Polls

Add - Permission to create a poll-type discussion when the Polls plugin is enabled. (Read more)

Signatures

Edit - Users can create and edit a signature when the Signatures plugin is enabled. (Read more)

Reactions

📝 NOTE: This set of permissions is available only if the Reactions addon is enabled.

Flag

Add - Users can apply the “Spam” and “Abuse” Reactions. If enough of these occur, the post will be hidden for review (read more). In addition, it allows users to report posts. (Read more)

Negative

Add - Users can apply the “Dislike,” “Downvote,” “Off Topic,” and “WTF” Reactions. Negative Reactions are inactive by default. (Read more)

Positive

Add - Users can apply positive Reactions. (Read more)

Reputation

📝 NOTE: This set of permissions is available only if the Badges addon is enabled.

Badges

Give - Admins can manually award badges from a users profile or from the badges page, as well as to approve badge requests. This also governs the ability to give badges via the API using their API token. (Read more)
Manage - Enables the ability to create and manage badges in the Dashboard. (Read more)
Request - Users can request a badge from the badge request page. This action sends the request to the badge request queue. (Read more)
View - Ability to see badges on profiles. (Read more)

Knowledge

📝 NOTE: This set of permissions is available only if the Knowledge addon is enabled.

Articles

Add - Users can add articles to your knowledge base. (Read more)
Manage - Users can manage your knowledge base articles.

Kb

View - Users can view your knowledge base. (Read more)

Analytics

Dashboards

Manage - Allows the user to create, edit, and copy existing dashboards.

Data

View - Allows the user to view out-of-the-box analytics dashboards that others have created.

Email

📝 NOTE: This set of permissions is available only if the VanillaPop addon is enabled.

🚧 MAINTENANCE: This addon is in the Maintenance stage of the product life cycle.

Comments

Add - When using VanillaPop, grants ability to comment by email.

Conversations

Add - When using VanillaPop, grants ability to add private messages by email.

Discussions

Add - When using VanillaPop, grants ability to add discussions by email.

Groups

📝 NOTE: This set of permissions is available only if the Groups and Events addon is enabled.

Email Invitations

Add - By default, group owners, leaders, and managers can invite users to join Groups by searching and selecting registered usernames. This permission these users to also be able to invite users to join groups via email addresses. (Read more)

Group

Add - Grants the ability to create new groups. (Read more)

Moderation

Manage - Grants the ability to moderate groups, even if not a group member. (Read more)

Avatarpool

Custom Upload

Allow - If your community is using the Avatar Pool addon, and a user has the ability to access the dashboard, this allows them to add additional images to the Avatar Pool images available to end users.

Default Category Permissions

These permissions apply to any categories that do not have "custom permissions" enabled.

📝 NOTE: To enable custom permissions for a category, edit the category, and toggle ON the This category has custom permissions option. To learn more about managing categories, see:

https://success.vanillaforums.com/kb/articles/8-category-configuration-management

Comments

Add - Users can add comments in a category. This permission is also required for users to vote on polls.
Delete - Admins and Moderators can delete comments in a category. (Read more)
Edit - Admins and Moderators can edit comments in a category. (Read more)

Discussions

Add - Users can add discussions in a category.
Announce - Users can announce a discussion (sometimes called "pinning") in the category. (Read more)
Close - Admins and Moderators can close a discussion in the category, which prevents new comments being added. Note that Admins and Moderators can still add comments. If you want users to be able to close their own discussions, use the Vanilla > Closeown discussions permission. (Read more)
Delete - Admins and Moderators can delete discussions in a category. (Read more)
Edit - Admins and Moderators can edit discussions in a category. (Read more)
Sink - Admins and Moderators can sink discussions in a category. When you sink a discussion, it won't be brought to the top of the discussion list when new comments are added. This feature is typically used to de-emphasize a discussion and keep it off the recent discussion lists in a more subtle way than simply closing it. (Read more)
View - Users can view discussions and their associated comments in the category.

Events

Manage - Users can create, edit, and delete events within a category.
View - Users can view an event and its details in a category.

Posts

Moderate - Allows posts in a category to be moderated.

Special considerations for Infrastructure Categories

Reported Posts

Member-type users should typically be allowed to create reports, but not see them.
In order to report a discussion, members need the "add comment" permission in the Reported Posts category but should have no other permissions in this category.

Social Groups

✔️ TIP: This is an infrastructure-only category that is associated with the Groups addon; it is not meant to be viewed by end users.

📝 NOTE: If users have the Discussions > VIEW permission, unexpected behaviors and unintended view-access could result; assign this permission with discretion.

All users should have only the ADD permission for Comments and Discussions.
If users have the VIEW permission for Discussions, they will see posts from all groups, including private and secret or if they belong to them.

Theming and visual considerations

The Role of a user is typically only visible in posts if the Role Titles addon is enabled; otherwise, it's shown on user profiles.
The description is only visible to admins and moderators.
If you would like to hide a Role from user profiles (or from the Role Titles addon), check the This Role is Personal Info box. This way, only users with permission to view personal info will see it.

Additional resources

Click the link below to access a video expanding on what you learned in this article.

https://success.vanillaforums.com/kb/articles/449