Manual:Setting user groups in MediaWiki

sa:Access Restrictions

Granting right to users
MediaWiki does not yet have a general interface for setting the user_rights field of user accounts. There is however a simple interface (Special:Makesysop) for granting a specific username 'sysop' status - a user with 'bureaucrat' status can enter a username into this form to grant 'sysop' status to that user.

Assigning accounts status other than 'sysop' (including removing 'sysop' status) has to be done manually by issuing an SQL query in the database. Usually you'll want to do something like this:

UPDATE user SET user_rights='bureaucrat' WHERE user_name='The Username';

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

sysop
This is the most common use. A user marked as 'sysop' can delete and undelete pages, block and unblock IPs, issue read-only SQL queries to the database, and use a shortcut revert-to-previous-contributor's-revision feature in contribs. See Help:Administration for details. (Due to something of a historical accident, users with sysop status are generally referred to as 'administrators' or 'admins' on the English Wikipedia, and most likely elsewhere.)

developer
This is largely obsolete and will be removed from future versions of the software.

bureaucrat
This is a user that is allowed to turn other users into sysops via the aforementioned Special:Makesysop page.

bot
A registered bot account. Edits by an account with this set will not appear by default in Recentchanges; this is intended for mass imports of data without flooding human edits from view. (Add &hidebots=0 to list changes made by bots e.g. like this)

Configuring access restrictions to your wiki
Drop some of these in LocalSettings.php: $wgWhitelistEdit = true;  # true = user must login to edit. $wgWhitelistRead = array ( "Main Page", "Special:Userlogin", "Wikipedia:Help"); $wgWhitelistAccount = array ( 'user' => 0, 'sysop' => 1, 'developer' => 1 ); Some more options for banning: $wgSysopUserBans       = false; # Allow sysops to ban logged-in users $wgSysopRangeBans		= false; # Allow sysops to ban IP ranges
 * 1) User rights
 * 1) Pages anonymous user may see