phpBB has an awesome permissions system that is very fine grained and very comprehensive. While very functional it can often be hard to use too because there are so many possible permutations: group permissions, user permissions, role permissions, etc.
It’s not hard at all if you have a board with lots of forums and/or lots of groups to find yourself in forum permissions hell. A user might belong to multiple groups, for example. Which group permissions will override other group permissions? You might long for a button that just resets all the forum permissions, but nothing like this exists. You may want to comprehensively reset all your forum permissions instead.
Group forum permissions and user forum permissions allow you to finely tune these permissions. With lots of forums though the user interface can be overwhelming. It can be hard to click on the drop down controls to set them properly and to do this for all the forum permissions for one group. Worse, sometimes you’ll take the time to do this and you’ll find out not all the permissions took. (An aside: if this happens to you, it is probably because there are so many fields on the form you are submitting that PHP can’t handle it all, but won’t tell you about it. Upping your PHP max_input_vars setting may solve this problem. Or you can do it to a subset of forums at a time, rather than all.)
If you want to reset your forum permissions, try these steps:
- Backup the database first. You may make mistakes or you may find you don’t want to do this when you see the result.
- Create a forum called something like “No privileges forum”. Do not copy forum permissions. Note: if you do this and look at the permissions for a user or group for this forum, you’ll see “No role assigned”. This is not the same as no permissions at all.
- If you want to get rid of some of your user defined user groups, now is a good time to blow them away. It will make the rest of this easier.
- ACP > Permissions > Group forum permissions. For each predefined group, set the forum permission for the “No privileges forum” to “No access” and save.
- For each user defined group, do the same thing.
- Now copy these permissions to your other forums. ACP > Forums > Copy forum permissions. For the first field select the “No privileges forum” forum. For the Apply permissions to field, select all the other forums. Warning: at the end of this step, no one will be able to access any forums on the main index. In fact, no forums will show and you should see “This board has no forums.” This includes administrators. Don’t worry. The forums are still there just not accessible. The message is really incorrect, but presumably set this way to deter spammers.
- Now change the permissions for one forum (but not the “No privileges forum”) so that the group privileges are the way you want them for all your groups. This means selecting the forum role to apply for each group or (not advised) using the Advanced Permissions link if you need very granular permissions. (It is better to change the forum role permissions instead.) If you don’t set the privilege for a group they will have the No access role because of the previous step: the forum will not be seen on the index at all for that group (unless belonging to another group gives them that privilege). Start with the predefined groups then do any user defined groups. You will have to do this for each group of interest but always to the same forum.
- Now do step 6 again but in the first field select the forum whose privileges you just granted and apply it to all the other forums, except the “No privileges forum”.
- If you have user defined groups that should access only certain forums, set the forum privileges using ACP > Users and groups > Group forum permissions. Do this for each group. Again, it’s advisable to use a forum role.
- All user (non-group) privileges are now lost. If you need to add privileges for specific users outside of a group, do this now. It’s a best practice to not set individual privileges, but grant all privileges through groups.
Test. You can test as yourself or test using a user’s permissions, but all should be well.