Manual:Setting user groups in MediaWiki

This page is about rights within MediaWiki. Beyond that, there is the right to edit the php files, and the right to directly access the database.

sysop
A user with the rights of a sysop can delete and undelete pages, protect and unprotect pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contributions. See Manual:Administrators for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere; although on Wikiversity they are known on custodians.)

developer
This is obsolete and removed from later versions of the software.

Developer has special rights and sees additional features in the Special-Pages (lock / unlock DB) as well in setting User-rights. Only a developer can UN-Set (delete) the Sysop-Rights of an admin.

bureaucrat
This is a user that is allowed to turn other users into sysops via the aforementioned Special:Userrights page.

bot
A registered bot account. Edits by an account with this set will not appear by default in Recent changes; this is intended for mass imports of data without flooding human edits from view. (To show bot edits, either click the "Show bots" link on the Special:Recentchanges page, or append &hidebots=0 directly to the page URL, e.g. like this on Wikipedia, or [ like this] on .)

See the category Wikipedia:Category:Wikipedia vandalism on main Wikipedia.

Granting rights to users
There is a simple interface (Special:Userrights) for granting a specific username 'sysop' status or (in MediaWiki 1.11) granting and revoking membership to groups with all associated user rights - a user with 'Bureaucrat' status has the rights to do to this.

Older versions of MediaWiki (prior to 1.5) do not have a general interface for setting the user rights field of user accounts (use Special:Makesysop instead).

Using mySQL for MediaWiki versions before 1.11
In MediaWiki versions before 1.11 assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this (if you're using 1.4 or higher, see below): > mysql -u root -p

mysql> use wikidb;

mysql> UPDATE user SET user_rights='bureaucrat,sysop' WHERE user_name='The Username'; The "user" in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

Note that you probably need to log out and log back in for the rights information to be properly updated.

If you are using 1.4: The user_rights field has been removed and the user rights are now located in their own table. The new table is user_rights. It contains two fields; ur_user and ur_rights. This sql query should do the trick. UPDATE user_rights SET ur_rights="bureaucrat,sysop" WHERE ur_user=1; You may need to replace the number 1 with the appropriate user id. The user will need to log out and log back in before that user's rights will be in effect.

If you are using 1.5: The user rights are in a new table called user_groups with two fields called ug_user and ug_group. There must be one row inserted for each user right. You must know the user id number of the user from the "user" table. This sql query should do the trick. In the example below substitute 1 with the user ID number from the user table. INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'bureaucrat'); INSERT INTO user_groups (ug_user, ug_group) VALUES ('1', 'sysop');

Using phpMyAdmin
If you do not have raw access to mySQL, you can update a user's privileges via phpMyAdmin. First open phpMyAdmin, and from the left-hand frame, choose your wiki's database from the drop-down box. In the right-hand frame, a page will load listing all of the tables in the database. At top of that page in the right-hand frame, click on the "SQL" tab. You should now see a text-box. Enter the appropriate query in to the box.

For example, if you are trying to give a user Bureaucrat & Sysop privileges in 1.4, you would enter:

UPDATE user_rights SET ur_rights="bureaucrat,sysop" WHERE ur_user=USERNAME;

... replacing, the "USERNAME" in "ur_user=USERNAME" with the user's ID. (You can find this by clicking on the link in the left-hand frame which says "user." Then click the "Browse" tab and find the user's name. The ID will be on the left.)

Then push "GO". If you don't see an "error" message, then it worked.

In newer versions you have to enter (see above)

INSERT INTO user_groups (ug_user, ug_group) VALUES ('USERNAME', 'bureaucrat'); INSERT INTO user_groups (ug_user, ug_group) VALUES ('USERNAME', 'sysop');

Do NOT use things like:

> mysql -u root -p >

mysql> use wikidb;

...in phpMyAdmin.

Revoking user's privileges
'''Attention! In versions after MediaWiki 1.4, the table user_rights is gone, instead using table user_groups ! see maintenance/tables.sql'''

In its current development stage, MediaWiki has a web-based interface to create users and make sysops and bureaucrats, but it has no interface for revoking privileges.

Currently, the only way to downgrade user's privileges is through SQL: UPDATE user SET user_rights='' WHERE user_name='yourusername';

Version 1.4 Mediawiki: UPDATE user_rights SET ur_rights="" WHERE ur_user=1;

or using Program phpMyAdmin read a textfile into the "TINYBLOB" ur_rights or table user_rights that contains the proper user-entries "sysop,bureaucrat,developer"

Configuring access restrictions to your wiki
Also see Manual:Preventing access.

For MediaWiki version 1.4 and prior, you can customise user restrictions by placing some or all of the commands below into ; be sure to place them *below* the following statement: require_once( "includes/DefaultSettings.php" );
 * 1) this must be above all of your custom changes!

$wgWhitelistEdit = true;
 * 1) Specify who can edit: true means only logged in users may edit pages

$wgWhitelistRead = array ("Main Page", "Special:Userlogin", "Wikipedia:Help");
 * 1) Pages anonymous (not-logged-in) users may see

$wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 );
 * 1) Specify who may create new accounts: 0 means no, 1 means yes

If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the  page. You may manually enter the address  into the address bar, or by clicking Special pages link in the toolbox menu, then click Create an account or log in (the first item available). Warning: Mediawikis in other languages must change the whitelist pagenames. e.g. German: "Spezial:Userlogin" instead of "Special:Userlogin".

If you set $wgWhitelistEdit = true in LocalSettings.php, you may also want to set

$wgShowIPinHeader = false; # For non-logged in users

This removes the link to the talk page in the header for non-logged in users. You may also want to change the contents of your wiki's MediaWiki:Userlogin page from Create an account or log in to Log in.

For version 1.5 and above, see the Manual:User rights page for instructions on configuring access rights.

Other configuration options
This might be useful for cases where editing (or even read access) should be performed by only a select group. MediaWiki can be a useful group collaboration tool on small as well as large scales.

When creating the whitelist, don't forget to add the stylesheet pages, for example "MediaWiki:Monobook.css" and "MediaWiki:Monobook.js". Also add "-" for the default style.

$wgSysopUserBans   = false;      # Allow sysops to ban logged-in users $wgSysopRangeBans  = false;      # Allow sysops to ban IP ranges

Related pages

 * Manual:User rights (Explanation of the different "rights" which can be assigned to a group)
 * Extension:Page access restriction
 * Manual:Preventing access
 * Extension:Hidden pages