Help talk:User rights and groups

Help:Assigning permissions wargo (talk) 15:41, 20 April 2017 (UTC)Reply

See Help_talk:Assigning_permissions#Replace_this_page.3F This, that and the other (talk) 15:49, 20 April 2017 (UTC)Reply

At the main-page it says; "Bureaucrats – ... , giving them permission to assign/revoke user groups"

Is the "assign/revoke user groups" truly only available to Bureaucrats/Sysop?

Or to be more specific, is it potentially possible that an additional user group is setup (by Bureaucrats/Sysop) that can be assigned by an Admin to normal-rights users? (This would be something of an intermediate user group, to potentially give some regular users a bit more features. Like for example the "Mark as patrolled" right.) MvGulik (talk) 17:05, 14 February 2019 (UTC)Reply

Seems possible, after a bit more reading up ...

ie: (by setting something like this)

$wgAddGroups['admin'][] = 'Trustworthy';

+

$wgGroupPermissions['Trustworthy'] = $wgGroupPermissions['user'];

$wgGroupPermissions['Trustworthy']['patrol'] = true;

Correct?

(never (and not currently) played around with mediawiki at sysop level.) MvGulik (talk) 17:38, 14 February 2019 (UTC)Reply

Mention that group "(all)" is also called "*". Jidanni (talk) 02:16, 16 November 2019 (UTC)Reply

I am currently trying to use this with OAuth connection. The user which the OAuth belong to is an admin user. I've tested other API functions as editpage which just work but whatever I do, I always receive the response of that my "user" doesn't seem to have the rights to edit another users group. I've tried changing the OAuth permissions to all and I've noticed in identify that my OAuth connection does have the userright permission.

Testuser is a user with zero group connections.

$userEditToken = json_decode($client->makeOAuthCall($accessToken,$apiUrl . "?action=query&format=json&meta=tokens&type=userrights"))->query->tokens->userrightstoken;

$userInfo = $client->makeOAuthCall(
        $accessToken,
        $apiUrl,
        true,
        [
            "action" => "userrights",
            "format" => "json",
            "user" => "Testuser",
            "add" => "bureaucrat",
            "token" => $userEditToken,
        ]
);

The response is

string(67) "{"userrights":{"user":"Testuser","userid":5,"added":[],"removed":[]}}"

Which seems to indicate that my OAuth application doesn't have the permissions to change that user even though identify returns the permission "userrights".

Am I missing something? 000Tom0000 (talk) 15:03, 2 September 2020 (UTC)Reply

Did you ever fix this problem? Bovlb (talk) 23:56, 5 August 2022 (UTC)Reply

Change the “The "bureaucrat" and "administrator" rights have already been granted and cannot be changed in this screenshot. This configuration, where admin and above rights can be granted but not removed locally, is used on most Wikimedia wikis.” To “The "bureaucrat" and "administrator" rights have already been granted and cannot be changed in this screenshot. This configuration, where bureaucrat and above rights can be granted but not removed locally, is used on most Wikimedia wikis.” in the unchangeable user rights section. 110.174.23.110 (talk) 06:03, 5 December 2024 (UTC)Reply

Not done. That's wrong - the normal configuration on Wikimedia wikis is meant to include admin rights in the list. * Pppery * _{it has begun} 06:37, 5 December 2024 (UTC)Reply

Your proposed change is factually incorrect. m:Bureaucrat lists wikis where bureaucrats can remove admin rights, while on other wikis, admin can be granted but not revoked by bureaucrats. ToadetteEdit (talk) 06:41, 5 December 2024 (UTC)Reply

Why can users with only add change time to future but users with only remove can only directly remove it and not bring the expiry time closer. 185.137.137.154 03:39, 17 May 2025 (UTC)Reply

Because nobody bothered to code that feature. Likely because add-but-not-remove is actively used on WMF wikis, and remove-but-not-add isn't. * Pppery * _{it has begun} 04:03, 17 May 2025 (UTC)Reply