Managing forum security

The security model of Forums has two parts:

  • Security of the Forums application administration interface.
  • Security of the forums published on the website.

Forums administration interface

You can manage access to the Forums administration interface in the Modules -> Forums permission matrix in the Permissions application:

  • Modify - allows users to modify forum settings.
  • Read - allows users to only read forum settings.

Users without any permissions who are moderators of at least one forum can access only the Posts waiting for my approval dialog.

Security of forums published on a website

If you edit a forum and switch to its Security tab, you can see a permission matrix. Columns of the matrix represent the following actions:

  • Access to forum - defines who can enter the forum and view posts.
  • Attach files - defines who can attach files to forum posts.
  • Mark as answer - defines who can mark posts as answers in Question - Answer forums.
  • Post - defines who can add posts to the forum.
  • Reply - defines who can reply to forum posts.
  • Subscribe - defines who can subscribe to notifications about new posts in the forum.

Rows in the top part of the matrix have the following meanings:

  • Nobody - the action cannot be performed by anyone.
  • All users - anybody can perform the action.
  • Authenticated users - only signed-in registered users can perform the action.
  • Authorized roles - only members of roles specified in the lower part of the matrix can perform the action.

Below the permission matrix, there is one more check-box:

Allow user to change their name - if checked, users can change the name displayed with a forum post when entering the post; if unchecked, their user name is used.
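The matrix described above can be modelled in a few lines to review the effective access of each kind of visitor before a forum is published. This is an added example, not Kentico code or its API: the names Visitor, ForumSecurity, effective_actions and the "Moderators" role are hypothetical. It assumes each column is evaluated independently and that role membership only counts for signed-in users.

```python
# Added model of the forum Security tab; not Kentico code or its API.
from dataclasses import dataclass, field

ACTIONS = ("Access to forum", "Attach files", "Mark as answer",
           "Post", "Reply", "Subscribe")
LEVELS = ("Nobody", "All users", "Authenticated users", "Authorized roles")


@dataclass
class Visitor:
    authenticated: bool = False
    roles: frozenset = frozenset()


@dataclass
class ForumSecurity:
    levels: dict                               # action -> one of LEVELS
    roles: dict = field(default_factory=dict)  # action -> authorized role names

    def allows(self, visitor, action):
        level = self.levels[action]
        if level == "Nobody":
            return False
        if level == "All users":
            return True
        if level == "Authenticated users":
            return visitor.authenticated
        if level == "Authorized roles":
            # Assumption: role membership only counts for signed-in users.
            granted = self.roles.get(action, set())
            return visitor.authenticated and bool(visitor.roles & granted)
        raise ValueError(f"unknown level {level!r} for {action!r}")


def effective_actions(forum, visitor):
    """Return the actions this visitor may perform, in column order."""
    return [a for a in ACTIONS if forum.allows(visitor, a)]


# Constructed sample forum: public read, members post, moderators do the rest.
SAMPLE = ForumSecurity(
    levels={"Access to forum": "All users", "Attach files": "Authorized roles",
            "Mark as answer": "Authorized roles", "Post": "Authenticated users",
            "Reply": "Authenticated users", "Subscribe": "Authenticated users"},
    roles={"Attach files": {"Moderators"}, "Mark as answer": {"Moderators"}},
)

if __name__ == "__main__":
    for name, v in [("anonymous", Visitor()), ("member", Visitor(True)),
                    ("moderator", Visitor(True, frozenset({"Moderators"})))]:
        print(f"{name:10} {effective_actions(SAMPLE, v)}")
```

Running the same report against a forum's real settings shows at a glance which actions an unauthenticated visitor ends up with.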

The following properties of the Forum group web part are also related to forum security:

  • Hide forum to unauthorized users - indicates whether forums for which the user has no permissions are visible to them in the list of forums in a forum group.
  • Redirect unauthorized users - determines whether to redirect unauthorized users to the logon page or whether to display only an info message.
  • Access denied page URL - URL to which users are redirected when they try to access a forum for which they are not authorized.