Manual:Setting user groups in MediaWiki

sa:Access Restrictions

Granting rights to users
MediaWiki does not yet have a general interface for setting the user rights field of user accounts. There is however a simple interface (Special:Makesysop) for granting a specific username 'sysop' status - a user with 'bureaucrat' status can enter a username into this form to grant 'sysop' status to that user.

Assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this: > mysql -u root -p

mysql> use wikidb;

mysql> UPDATE user SET user_rights='bureaucrat,sysop' WHERE user_name='The Username'; The "user" in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

If you are using 1.4, the above doesn't work. The user_rights field has been removed and the user rights are now located in their own table. The new table is user_rights. It contains two fields; ur_user and ur_rights. This sql query should do the trick. UPDATE user_rights SET ur_rights="bureaucrat,sysop" WHERE ur_user=1; You may need to replace the number 1 with the appropriate user id.

sysop
This is the most common use. A user marked as 'sysop' can delete and undelete pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contribs. See Help:Administration for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere.)

developer
This is largely obsolete and will be removed from future versions of the software.

Developer has special RIGHTS and sees additional features in the Special-Pages (lock / unlock DB) as well in setting User-rights. Only a developer can UN-Set (delete) the Sysop-Rights of an admin. --HeliR 11:44, 4 Jan 2005 (UTC)

bureaucrat
This is a user that is allowed to turn other users into sysops via the aforementioned Special:Makesysop page.

bot
A registered bot account. Edits by an account with this set will not appear by default in Recentchanges; this is intended for mass imports of data without flooding human edits from view. (Add &hidebots=0 to list changes made by bots e.g. like this)

Revoking user's privileges
In its current development stage, MediaWiki has a web-based interface to create users and make sysops and bureaucrats, but it has no interface for revoking privileges.

Currently, the only way to downgrade user's privileges is through SQL: update user set user_rights='' where user_name='yourusername';

Version 1.4 Mediawiki: UPDATE user_rights SET ur_rights="sysop,bureaucrat,developer" WHERE ur_user=1;

or using Program phpMyAdmin read a textfile into the "TINYBLOB" ur_rights of table user_rights that contains the proper user-entries "sysop,bureaucrat,developer"

--HeliR 12:01, 4 Jan 2005 (UTC)

Configuring access restrictions to your wiki
Also see Preventing Access You can customise user restrictions by placing some or all of the commands below into ; be sure to place them *below* the following statement: # this must be above of all your custom changes! require_once( "DefaultSettings.php" );

$wgWhitelistEdit = true; $wgWhitelistRead = array ("Main Page", "Special:Userlogin", "Wikipedia:Help"); $wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 );
 * 1) Specify who can edit: true means only logged in users may edit pages
 * 1) Pages anonymous (not-logged-in) users may see
 * 1) Specify who may create new accounts: 0 means no, 1 means yes

If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the  page. (Note: that page doesn't seem to appear anywhere as a link once you're logged in. You actually have to manually enter the address http:///index.php/Special:Userlogin into the address bar.)

sspence corrects: On our server, this is actually found at http:///index.php?title=Special:Userlogin

This might be useful for cases where editing (or even read access) should be performed by only a select group. MediaWiki can be a useful group collaboration tool on small as well as large scales.

When creating the whitelist, don't forget to add the stylesheet pages, for example "MediaWiki:Monobook.css" and "MediaWiki:Monobook.js". Also add "-" for the default style.

$wgSysopUserBans   = false;      # Allow sysops to ban logged-in users $wgSysopRangeBans  = false;      # Allow sysops to ban IP ranges

Related Pages

 * Status
 * Help:User levels (a new user rights system to be implemented in a future release of MediaWiki)