May 9

MediaWiki: Setting user groups in MediaWiki

By default MediaWiki has several user groups that can grant a user a set of user rights. See also [[Manual:User_rights#List_of_Groups|the list of groups]].

== [[Special:UserRights]] (MediaWiki 1.10 and higher) ==
{{MW 1.15|and later}}
There is a simple ”’interface”’ ([[Special:UserRights]]) for adding a user to or removing a user from one or more user groups. To do this the acting user must have the <tt> userrights</tt> user right, which by default is granted to the ‘Bureaucrat’ user group. You can access [[Special:UserRights]] directly or via [[Special:SpecialPages]] in the toolbox on the left (as of MediaWiki 1.16.0).

To help in using [[Special:UserRights]], refer to [[Help:Assigning permissions]].

Older versions of [[MediaWiki]] (prior to 1.15) do not have a general interface for setting the user rights field of user accounts (use [[Special:Makesysop]] instead).

== Using MySQL (MediaWiki 1.10 and before) ==
{{MW 1.10|and before}}
In MediaWiki versions before 1.11 assigning accounts status other than ‘sysop’ (including ”removing” ‘sysop’ status) has to be done manually by issuing an SQL query in the database. Usually you’ll want to do something like this (if you’re using 1.14 or older, see below):
<pre>
> mysql -u root -p

mysql> use wikidb;

mysql> UPDATE user SET user_rights=’bureaucrat,sysop’ WHERE user_name=’The Username’;
</pre>
The “user” in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

”’Note”’ that you probably need to log out and log back in for the rights information to be properly updated.

{{MW 1.14|and before}}
<b>If you are using 1.14:</b> The user_rights field has been removed and the user rights are now located in their own table. The new table is user_rights. It contains two fields; ur_user and ur_rights. This sql query should do the trick.
<pre>
UPDATE user_rights SET ur_rights=”bureaucrat,sysop” WHERE ur_user=1;
</pre>
You may need to replace the number 1 with the appropriate user id.
The user will need to log out and log back in before that user’s rights will be in effect.

{{MW 1.15|and after}}
<b>If you are using 1.15:</b> The user rights are in a new table called user_groups with two fields called ug_user and ug_group. There must be one row inserted for each user right. You must know the user id number of the user from the “user” table. This sql query should do the trick. In the example below substitute 1 with the user ID number from the user table.
<pre>
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘1’, ‘bureaucrat’);
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘1’, ‘sysop’);
</pre>

=== Using phpMyAdmin ===
If you do not have raw access to mySQL, you can update a user’s privileges via [[w:phpMyAdmin|phpMyAdmin]]. First open phpMyAdmin, and from the left-hand frame, choose your wiki’s database from the drop-down box. In the right-hand frame, a page will load listing all of the tables in the database. At the top of that page in the right-hand frame, click on the “SQL” tab. You should now see a text-box. Enter the appropriate query into the box.

{{MW 1.14}}
For example, if you are trying to give a user Bureaucrat & Sysop privileges in 1.14, you would enter:

<pre>
UPDATE user_rights SET ur_rights=”bureaucrat,sysop” WHERE ur_user=USERNAME;
</pre>

… replacing, the “USERNAME” in “ur_user=USERNAME” with the user’s ID. (You can find this by clicking on the link in the left-hand frame which says “user.” Then click the “Browse” tab and find the user’s name. The ID will be on the left.)

Then push “GO”. If you ”don’t” see an “error” message, then it worked.

In newer versions you have to enter (see above)

<pre>
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘YOUR_USER_ID’, ‘bureaucrat’);
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘YOUR_USER_ID’, ‘sysop’);
</pre>

Do NOT use things like:

<pre>
> mysql -u root -p
>

mysql> use wikidb;
</pre>

…in phpMyAdmin.

=== Revoking user’s privileges ===

”’Attention! In versions after MediaWiki 1.14, the table ”user_rights is gone”, instead using table ”user_groups” ! see maintenance/tables.sql”’

In its current development stage, MediaWiki has a web-based interface to create users and make sysops and bureaucrats, but it has no interface for revoking privileges.

Currently, the only way to downgrade user’s privileges is through SQL:
<pre>
UPDATE user SET user_rights=” WHERE user_name=’yourusername’;
</pre>
{{MW 1.14}}
Version 1.14 Mediawiki:
<pre>
UPDATE user_rights SET ur_rights=”” WHERE ur_user=1;
</pre>

or using Program ”’phpMyAdmin”’ read a textfile into the “TINYBLOB” ur_rights or table user_rights that contains the proper user-entries “sysop,bureaucrat,developer”

== Configuring access restrictions to your wiki ==

Also see [[Manual:Preventing access]].

{{MW 1.14|and before}}By default MediaWiki has several user groups that can grant a user a set of user rights. See also [[Manual:User_rights#List_of_Groups|the list of groups]].

To help in using [[Special:UserRights]], refer to [[Help:Assigning permissions]].

Older versions of [[MediaWiki]] (prior to 1.15) do not have a general interface for setting the user rights field of user accounts (use [[Special:Makesysop]] instead).

mysql> use wikidb;

mysql> UPDATE user SET user_rights=’bureaucrat,sysop’ WHERE user_name=’The Username’;
</pre>
The “user” in the above text is the user table in the wikidb database.

The user_rights field is actually a comma-separated list; presently four values are recognized by the software:

The Username is the person you want to give sysop rights.

”’Note”’ that you probably need to log out and log back in for the rights information to be properly updated.

{{MW 1.14}}
For example, if you are trying to give a user Bureaucrat & Sysop privileges in 1.14, you would enter:

<pre>
UPDATE user_rights SET ur_rights=”bureaucrat,sysop” WHERE ur_user=USERNAME;
</pre>

Then push “GO”. If you ”don’t” see an “error” message, then it worked.

In newer versions you have to enter (see above)

<pre>
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘YOUR_USER_ID’, ‘bureaucrat’);
INSERT INTO user_groups (ug_user, ug_group) VALUES (‘YOUR_USER_ID’, ‘sysop’);
</pre>

Do NOT use things like:

<pre>
> mysql -u root -p
>

mysql> use wikidb;
</pre>

…in phpMyAdmin.

=== Revoking user’s privileges ===

”’Attention! In versions after MediaWiki 1.14, the table ”user_rights is gone”, instead using table ”user_groups” ! see maintenance/tables.sql”’

In its current development stage, MediaWiki has a web-based interface to create users and make sysops and bureaucrats, but it has no interface for revoking privileges.

or using Program ”’phpMyAdmin”’ read a textfile into the “TINYBLOB” ur_rights or table user_rights that contains the proper user-entries “sysop,bureaucrat,developer”

== Configuring access restrictions to your wiki ==

Also see [[Manual:Preventing access]].

{{MW 1.14|and before}}
For MediaWiki version 1.14 and prior, you can customise user restrictions by placing some or all of the commands below into <code>LocalSettings.php</code>; be sure to place them *below* the following statement:
<syntaxhighlight lang=”php”>
# this must be above all of your custom changes!
require_once( “includes/DefaultSettings.php” );

# Specify who can edit: true means only logged in users may edit pages
$wgWhitelistEdit = true;

# Pages anonymous (not-logged-in) users may see
$wgWhitelistRead = array (“Main Page”, “Special:Userlogin”, “Wikipedia:Help”);

# Specify who may create new accounts: 0 means no, 1 means yes
$wgWhitelistAccount = array ( ‘user’ => 0, ‘sysop’ => 1, ‘developer’ => 1 );

</syntaxhighlight>
If new account creation is limited to sysops only, it must be performed by first logging in as a sysop user, and then visiting the <code>Special:Userlogin</code> page. You may manually enter the address <code><nowiki>http://<YOUR_WIKI_SERVER_ROOT_HERE>/index.php/Special:Userlogin</nowiki></code> into the address bar, or by clicking ”’Special pages”’ link in the ”’toolbox”’ menu, then click ”’Create an account or log in”’ (the first item available).
Warning: Mediawikis in other languages must change the whitelist pagenames. e.g. German: “Spezial:Userlogin” instead of “Special:Userlogin”.

If you set <tt>$wgWhitelistEdit = true</tt> in LocalSettings.php, you may also want to set
<syntaxhighlight lang=php>
$wgShowIPinHeader = false; # For non-logged in users
</syntaxhighlight>
This removes the link to the talk page in the header for non-logged in users. You may also want to change the contents of your wiki’s [[MediaWiki:Userlogin]] page from ”’Create an account or log in”’ to ”’Log in”’.

For MediaWiki version 1.14 and prior, you can customise user restrictions by placing some or all of the commands below into <code>LocalSettings.php</code>; be sure to place them *below* the following statement:
<syntaxhighlight lang=”php”>
# this must be above all of your custom changes!
require_once( “includes/DefaultSettings.php” );

# Specify who can edit: true means only logged in users may edit pages
$wgWhitelistEdit = true;

# Pages anonymous (not-logged-in) users may see
$wgWhitelistRead = array (“Main Page”, “Special:Userlogin”, “Wikipedia:Help”);

# Specify who may create new accounts: 0 means no, 1 means yes
$wgWhitelistAccount = array ( ‘user’ => 0, ‘sysop’ => 1, ‘developer’ => 1 );

Posted May 9, 2012 by Timothy Conrad in category "Websites

About the Author

If I were to describe myself with one word it would be, creative. I am interested in almost everything which keeps me rather busy. Here you will find some of my technical musings. Securely email me using - PGP: 4CB8 91EB 0C0A A530 3BE9 6D76 B076 96F1 6135 0A1B View all posts by Timothy Conrad