Manual:$wgRevokePermissions

From Linux Web Expert

<translate> User rights, access control and monitoring</translate>: $wgRevokePermissions
Permission keys revoked from users in each group.
<translate> Introduced in version:</translate>1.16.0 (r52083)
<translate> Removed in version:</translate><translate> still in use</translate>
<translate> Allowed values:</translate>(Complex array of boolean values.)
<translate> Default value:</translate>[]

Details

$wgGroupPermissions allows setting permissions for user groups. $wgRevokePermissions allows revocation of any of those permissions. Revoking a right with $wgRevokePermissions takes precedence over granting it with $wgGroupPermissions. If the right is revoked for even one of the user's groups, they will not have it, regardless of whether it's explicitly permitted by other groups.

Example
$wgRevokePermissions['sysop']['editinterface'] = true;
Result is (when viewing Special:ListGroupRights)
  • Edit the user interface (editinterface)

This acts the same way as $wgGroupPermissions , except that if the user is in a group here, the permission will be removed rather than added. A good use-case for this setting is in conjunction with $wgAutopromote and APCOND_BLOCKED to further restrict the rights of blocked users. Another use-case could be the creation of other "blocked groups" where a sysop can (via $wgAddGroups ) add a user to a group to allow them to edit pages normally, but prevent them from being able to move pages.

File:OOjs UI icon notice-destructive.svg <translate> Warning:</translate> Improperly setting this could mean that your users will be unable to perform certain essential tasks, so use at your own risk!