Overview
Roles and Permissions are used in tandem to control what users can see and do in your community.
It will be important to review them carefully prior to launch, as well as when updating your forum's settings.
If you are ever unsure about any settings, contact your CSM or Vanilla Support.
Note for clients with a pending Migration:
During your test and final migrations, your current users and roles will be imported into your production site.
Because Vanilla has its own feature set and will likely vary from your previous provider, the roles and permissions will need to be adjusted. It usually makes sense to analyze and note these during the test migration, as they will be wiped out during the final migration and will need to be re-applied post Final Migration.
Roles
Vanilla comes with 6 roles out of the box (Guest, Unconfirmed, Applicant, Member, Moderator and Admin).
If you are migrating from another platform, plan on using SSO, have a private community, or have a highly customized setup, your roles may vary from those seen here. If you are unsure, contact your CSM.
Note: The account owner is the main forum administrator of your team. This role does not show in the Dashboard and is set up by the Vanilla team, and is a kind of super admin. It’s important not to use this role for permissions testing as it will supersede the assigned roles & permissions settings.
Guest
This is a special role that represents non logged in users in Vanilla. You can use this role to restrict what logged out users see when viewing your forum.
As Vanilla does not allow anonymous posting, this role cannot be given other permissions.
If you do not want any guests to see your community at all (i.e., require login to view), you can also enable Private Communities. If you set your community to private, only registered members will be able to view and post. If a user that is not logged in browses to the community, they will see a login page or be redirected to SSO sign in if applicable.
Unconfirmed
If your community is using Vanilla-based registration (i.e., not SSO), and have required users to confirm their email, this role will be given to users who have registered but have not confirmed their email address yet.
Applicant
If your community is using Vanilla-based registration (i.e., not SSO), and have the approval method of registration enabled, this role will be given to users who have applied for membership but have not yet been accepted by an admin or mod. Out of the box, they have the same permissions as guests.
Member
Default user role - members can participate in discussions and access all end user functionality.
Default types
Member
The default role type "Member" dictates the roles users are assigned to upon registration, make sure to only choose the default role type "Member" for roles you want auto-assigned on registration.
Moderator
Moderators have permission to edit content and use the moderation features.
Your moderators manage day-to-day life in your forum. They typically have permission to edit and curate content, review spam and moderation issues, as well as manage user accounts.
Administrator
Administrators have permission to do everything including configuring the account and creating new Roles. Your administrators are those that are responsible for the forum set up including creating new accounts, configuring add-ons, managing categories and themes.
Permissions
Certain permissions are associated with optional addons and integrations. If you do not see a particular permission in your roles and permissions, ensure thee associated addon or integration is enabled, or contact your CSM or support.
The Role of a user is typically only visible on posts if the Role Titles addon is enabled, but is usually shown on user profiles.
The description is only visible to admins and mods.
If you would like to hide a role from profiles (or from the role titles addon), you can do so by enabling the checkbox for “This role is personal info. Only users with permission to view personal info will see it.”
Garden
Delete Activity – Delete an activity from the Activity Page. [ADMIN/MOD ONLY]
View Activity – Allows the user to view the activity on the Activity Page.
Allow Advanced Notifications – This permission should only be given to mods and admins in small communities. It allows a notification to be sent when a new discussion or comment is posted in a specific category, but has a maximum of 50 users. [ADMIN/MOD ONLY]
Manage Community - Enables users who have the “View Settings” but not “Manage Settings” permissions access to banner, category and reaction settings in the Dashboard. [ADMIN/MOD ONLY]
Manage Curation – Gives the ‘Promote’ Reaction and hold more weight when reacting with SPAM or Abuse. The Promote reactions gives 5 points to the promoted content and displays it on the Best of Page. When reacting with the SPAM and Abuse reactions this will set your reaction to have a weight of 5 points rather than the default 1 point per reaction. Also gives users the ability to mark answers as rejected/accepted and change a discussion to a question when the Q&A addon is enabled.
View Email – Allows users to receive notifications via email. This does not reveal email addresses of other users to the role. Should only be disabled for roles who should not receive email notifications of any kind (including password reset emails, etc).
Manage Moderation – Gives access to moderation functionality such as the moderation and SPAM queue. Gives permission to change the status of an idea when Ideation is enabled. This permission is typically what identifies a user as a moderator. [ADMIN/MOD ONLY]
Allow No Ads - Hides Pockets labeled as ads.
View Personal Info – Allows viewing of personal info such as email and IP address on the profile page. [ADMIN/MOD ONLY]
Edit Profiles – Allows editing of the users own profile. Does not grant the permissions to edit other users’ profiles.
View Profiles – Allows viewing other members’ profile pages.
View Settings – Allows viewing of account settings in the Dashboard. Required for “Community Manage” and for “Manage Moderation” to have access to dashboard functionality. [ADMIN/MOD ONLY]
Manage Settings – Grants full access to all functionality in the dashboard. This is an Admin only permission. [ADMIN ONLY]
Allow Sign In – The permission to log in. Should generally be enabled but can be used to temporarily prevent a group of users from logging in.
Allow Staff - For Certain integrations like Zendesk and Salesforce, this allows for staff to access to plugin functionality without gaining forum moderation tools
Add Tokens - For use with APIv2. Allows users to generate personal API tokens via their profile. The tokens’ permissions will be reflective of the permissions of the user who generated the token.
Add Uploads - Allows users to upload attachments.
Add Users - Allows moderators and admins to manually create users on the user page in the moderation section of the dashboard. [ADMIN/MOD ONLY]
Approve Users - Allows moderators and admins to accept users if using the approval registration method. [ADMIN/MOD ONLY]
Delete Users Allows moderators and admins to delete members from the User page in the moderation section of the dashboard. [ADMIN/MOD ONLY]
Edit Users Allows moderators and admins to edit other users’ profiles. [ADMIN/MOD ONLY]
Conversations
Conversations are private messages sent between users. Admins and mods need the permission to Add Conversations if they want to use the Warning Addon.
Add Conversations - Allows for new private conversations to be added. Removing this from members will still allow them to receive messages from those with the permission, they simply will not be able to initiate conversations.
Manage Moderation Conversations – Allows admins or mods to view and manage private messages between members. This permission also requires a config setting change that must be requested through your CSM or Support. [ADMIN/MOD ONLY]
Vanilla
Require Approval - if this permission is set, unverified members’ posts will have to be approved before they appear (also known as pre-moderation).
Me Comments – Deprecated.
Add Tagging - If the Tagging addon is enabled, this allows users to create new Tags. Note that if tagging is enabled, all users will be able to add existing tags to discussions, this permission is to allow new tags to be created.
Plugins
Allow Attachments Upload – Permission to upload files when Advanced Editor or File Upload is in use.
Manage Pockets - Grants access to the Pockets plugin, if enabled [ADMIN/MOD ONLY]
Add Polls – Permission to create a poll type discussion when the Polls plugin is enabled.
Edit Signatures – Permission to create and edit a signature when the Signatures plugin is enabled.
Reputation
Give Badges – Grants ability to manually award badges from a users profile page or from the badges page, as well as to approve badge requests. [ADMIN/MOD ONLY]
Manage Badges - Allows for the creation and management of badges in the dashboard. [ADMIN/MOD ONLY]
Request Badges - Allows users to request a badge from a particular badges page. It will send a request to /reputation/badge/requests for admins to approve.
View Badges - Ability to see badges on profiles
Reactions
Add Flag Allows use of the “Spam” or “Abuse” Reactions, which have the ability to accumulate to hide posts for review.
Add Negative Allows use of “Dislike”, “Downvote”, “Off Topic”, and “WTF” Reactions. Negative Reactions are inactive by default.
Add Positive Allows use of positive Reactions
Groups
Add Group - Grants the ability to create new groups
Moderate Group -Grants the ability to moderate groups even if not a group member. [ADMIN/MOD ONLY]
Knowledge
Add Articles - allows users to add new articles to your KB
View KB - allows users to view your KB
Email
Only applies if the VanillaPop addon is enabled.
Add Comments - When using VanillaPop, grants ability to comment by email.
Add Conversations - When using VanillaPop, grants ability to add private messages by email.
Add Discussions - When using VanillaPop, Grants Ability to add Discussions by email.
Category Permissions
Default Category Permissions
This applies to any categories that do not have ‘custom permissions’ enabled.
To enable custom permissions on a particular category, edit the category in question and toggle the ‘this category has custom permissions’ option.
Add Comments / Discussions - Enables the user to create new discussions or comments in the category.
Announce Discussions - Enables the user to announce a discussion (sometimes called ‘pinning’) in the category [ADMIN/MOD ONLY]
Close Discussions - Allows admins/mods to close a discussion to new comments in the category. Note: Admins/mods will still be able to comment. [ADMIN/MOD ONLY]
Delete Discussions/Comments - Allows admins/mods to delete any and all discussions or comments in the category. [ADMIN/MOD ONLY]
Edit Discussions/Comments - Allows admins/mods to edit any and all discussions or comments in the category. [ADMIN/MOD ONLY]
Sink Discussions/Comments - Allows admins/mods to sink any and all discussions or comments in the category. When you sink a discussion it won't be brought to the top of the discussion list when new comments are added. You use this feature when you want a discussion to "go away" in a more subtle way than just closing it. [ADMIN/MOD ONLY]
View Discussions - Allows users to view discussions and their associated comments in the category.
Special Considerations for Infrastructure Categories
Reported Posts
Member-type users should typically be allowed to create reports, but not see them. In order to report a discussion, members need the ‘add comment’ permission for the reported posts category but should have no other permissions for this category
Social Groups
All users should only the permission to add discussions and comments, not view.
