Manual:Setting user groups in MediaWiki

sa:Access Restrictions

Granting rights to users
MediaWiki does not yet have a general interface for setting the user rights field of user accounts. There is however a simple interface (Special:Makesysop) for granting a specific username 'sysop' status - a user with 'bureaucrat' status can enter a username into this form to grant 'sysop' status to that user.

Assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this:

> mysql -u root -p

mysql> use wikidb;

mysql> UPDATE user SET user_rights='bureaucrat,sysop' WHERE user_name='The Username';

The "user" in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

sysop
This is the most common use. A user marked as 'sysop' can delete and undelete pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contribs. See Help:Administration for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere.)

developer
This is largely obsolete and will be removed from future versions of the software.

bureaucrat
This is a user that is allowed to turn other users into sysops via the aforementioned Special:Makesysop page.

bot
A registered bot account. Edits by an account with this set will not appear by default in Recentchanges; this is intended for mass imports of data without flooding human edits from view. (Add &hidebots=0 to list changes made by bots e.g. like this)

Revoking user's privileges
In its current development stage, MediaWiki has a web-based interface to create users and make sysop's and bureaucrats, but it has no interface for revoking privileges.

Currently, the only way to downgrade user's privileges is through SQL:


 * update user set user_rights= '' where user_name= ' yourusername ' ;

Configuring access restrictions to your wiki
Also see Preventing_Access You can customise user restrictions by placing some or all of the commands below into.

$wgWhitelistEdit = true; $wgWhitelistRead = array ("Main Page", "Special:Userlogin", "Wikipedia:Help"); $wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 );
 * 1) Specify who can edit: true means only logged in users may edit pages
 * 1) Pages anonymous (not-logged-in) users may see
 * 1) Specify who may create new accounts: 0 means no, 1 means yes

If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the  page. (Note: that page doesn't seem to appear anywhere as a link once you're logged in. You actually have to manually enter the address http:///index.php/Special:Userlogin into the address bar.)

sspence corrects: On our server, this is actually found at http:///index.php?title=Special:Userlogin

This might be useful for cases where editing (or even read access) should be performed by only a select group. MediaWiki can be a useful group collaboration tool on small as well as large scales.

When creating the whitelist, don't forget to add the stylesheet pages, for example "MediaWiki:Monobook.css" and "MediaWiki:Monobook.js". Also add "-" for the default style.

$wgSysopUserBans   = false;      # Allow sysops to ban logged-in users $wgSysopRangeBans  = false;      # Allow sysops to ban IP ranges

Related Pages

 * Status
 * Help:User levels (Setting user levels in MediaWiki 1.4)