Manual:Setting user groups in MediaWiki

sa:Access Restrictions

Granting right to users
MediaWiki does not yet have a general interface for setting the user_rights field of user accounts. There is however a simple interface (Special:Makesysop) for granting a specific username 'sysop' status - a user with 'bureaucrat' status can enter a username into this form to grant 'sysop' status to that user.

Assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this:

UPDATE user SET user_rights='bureaucrat' WHERE user_name='The Username';

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

sysop
This is the most common use. A user marked as 'sysop' can delete and undelete pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contribs. See Help:Administration for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere.)

developer
This is largely obsolete and will be removed from future versions of the software.

bureaucrat
This is a user that is allowed to turn other users into sysops via the aforementioned Special:Makesysop page.

bot
A registered bot account. Edits by an account with this set will not appear by default in Recentchanges; this is intended for mass imports of data without flooding human edits from view. (Add &hidebots=0 to list changes made by bots e.g. like this)

Configuring access restrictions to your wiki
You can customise user restrictions by placing some or all of the commands below into.

$wgWhitelistEdit = true; $wgWhitelistRead = array ("Main Page", "Special:Userlogin", "Wikipedia:Help"); $wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 );
 * 1) Specify who can edit: true means only logged in users may edit pages
 * 1) Pages anonymous (not-logged-in) users may see
 * 1) Specify who may create new accounts: 0 means no, 1 means yes

If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the  page. (Note: that page doesn't seem to appear anywhere as a link once you're logged in.) This might be useful for cases where editing (or even read access) should be performed by only a select group. MediaWiki can be a useful group collaboration tool on small as well as large scales.

$wgSysopUserBans   = false;      # Allow sysops to ban logged-in users $wgSysopRangeBans  = false;      # Allow sysops to ban IP ranges