User rights, access control and monitoring: $wgGrantPermissions
Used to define grants and assign permissions to them.
Introduced in version:1.27.0 (Gerrit change 259062; git #ef5bd734)
Removed in version:still in use
Allowed values:(two-dimensional array of booleans)
Default value:See DefaultSettings.php


$wgGrantPermissions is a two-dimensional array indexed by grants and available permissions. The value is a boolean; false is equivalent to unsetting the key.

Grants are used to give external software limited access to an account; for example, by OAuth or by bot passwords. When a user account is accessed via some grants-based mechanism, to use some permission both an appropriate user group and an appropriate grant is required.

This configuration value should usually be set by extensions, not site administrators.

New grants can simply be created by using a new first-level key. Such keys should be added to $wgGrantPermissionGroups as well.

Grants are managed internally by the MWGrants class, and can be viewed via Special:ListGrants. The user-visible name of a grant can be defined via the grant-<name> message.


$wgGrantPermissions['basic']['ipblock-exempt'] = true;

This allows external tools using a user account to ignore IP blocks if the user has that ability and has given the basic grant to the tool.

See also[edit]