User groups

From Miraheze Meta, Miraheze's central coordination wiki
Default user groups

User groups (also sometimes referred to as flags) are bundles which contain user permissions assigned to them. Users can then be promoted to these user groups to allow them to use all the permissions within the user group.

This article covers the default user groups on Miraheze wikis and the permissions they have assigned to them. Some wikis may choose to add or remove permissions from a group or completely delete a user group, so this guide may not be indicative or accurate on some wikis which have chosen to deviate from the default user groups and permissions. No wiki, however, can delete a restricted local group or a global group.

Local groups

Local groups are all groups which only have power on one wiki, their local wiki. Unlike global groups which can do certain actions on all Miraheze wikis, local groups only have power on one wiki.

Below is a list of all local groups as they are by default and includes restricted user groups which only Stewards and Trust and Safety can assign.

Bureaucrats

Bureaucrat is the highest local group a user can obtain by default. Bureaucrats can promote and demote administrators and interface administrators. Additionally, bureaucrats are not affected by rate limits, can override local account spoofing checks in AntiSpoof, and can access ManageWiki.

By default, bureaucrats cannot be demoted by other bureaucrats, only Stewards may do that. Bureaucrats also hold an immense amount of power locally. Only promote trusted users to bureaucrat. If you are a bureaucrat, you can request other bureaucrats be demoted on the Stewards' noticeboard (granted you have a good reason for it such as bureaucrat or community consensus, resignation, or another good reason).

The bureaucrat group alone does not give users the ability to do many tasks often associated with being an administrator, such as banning users and deleting pages. To achieve all of that, you must also be an administrator.

Click "Expand" to see this group's permissions
# Permission Description:
1 noratelimit Not be affected by rate limits
2 override-antispoof Override the spoofing checks
3 managewiki ⧼right-managewiki⧽

Administrators

Administrator (in the "sysop" group) is the second-highest local group a user can obtain by default. Administrators can block users, protect or delete pages, among many other administrative duties.

By default, administrators may only be demoted by bureaucrats and may not demote or promote others to administrator. Administrators can promote and demote users to autopatrolled, confirmed or rollbacker.

Click "Expand" to see this group's permissions
# Permission Description:
1 apihighlimits Use higher limits in API queries
2 autoconfirmed Not be affected by IP-based rate limits
3 autopatrol Have one's own edits automatically marked as patrolled
4 block Block or unblock other users from editing
5 blockemail Block or unblock a user from sending email
6 browsearchive Search deleted pages
7 createaccount Create new user accounts
8 delete Delete pages
9 deletechangetags Delete tags from the database
10 deletedhistory View deleted history entries, without their associated text
11 deletedtext View deleted text and changes between deleted revisions
12 deletelogentry Delete and undelete specific log entries
13 deleterevision Delete and undelete specific revisions of pages
14 editinterface Edit the user interface
15 editprotected Edit pages protected as "Allow only administrators"
16 editsemiprotected Edit pages protected as "Allow only autoconfirmed users"
17 editsitecss Edit sitewide CSS
18 editsitejson Edit sitewide JSON
19 editsitejs Edit sitewide JavaScript
20 editusercss Edit other users' CSS files
21 edituserjson Edit other users' JSON files
22 edituserjs Edit other users' JavaScript files
23 import Import pages from other wikis
24 importupload Import pages from a file upload
25 ipblock-exempt Bypass IP blocks, auto-blocks and range blocks
26 managechangetags Create and (de)activate tags
27 markbotedits Mark rolled-back edits as bot edits
28 mergehistory Merge the history of pages
29 move Move pages
30 movefile Move files
31 move-categorypages Move category pages
32 move-rootuserpages Move root user pages
33 move-subpages Move pages with their subpages
34 noratelimit Not be affected by rate limits
35 patrol Mark others' edits as patrolled
36 patrolmarks View recent changes patrol marks
37 protect Change protection settings and edit cascade-protected pages
38 reupload Overwrite existing files
39 reupload-shared Override files on the shared media repository locally
40 rollback Quickly rollback the edits of the last user who edited a particular page
41 suppressredirect Not create redirects from source pages when moving pages
42 unblockself Unblock oneself
43 undelete Undelete a page
44 unwatchedpages View a list of unwatched pages
45 upload Upload files
46 upload_by_url Upload files from a URL
47 abusefilter-modify Create or modify abuse filters
48 abusefilter-log-detail View detailed abuse log entries
49 abusefilter-modify-restricted Modify abuse filters with restricted actions
50 abusefilter-revert Revert all changes by a given abuse filter
51 override-antispoof Override the spoofing checks
52 skipcaptcha Perform CAPTCHA-triggering actions without having to go through the CAPTCHA
53 generate-dump Generate wiki backups
54 delete-dump Delete wiki backups
55 view-dump View wiki backups
56 globalblock-whitelist Disable global blocks locally
57 nuke Mass delete pages
58 tboverride Override the disallowed titles or usernames list
59 massmessage Send a message to multiple users at once

Interface administrators

Interface administrator (in the "interface-admin" group) is a group which allows users to edit the MediaWiki namespace (which contains all system messages) along with sitewide and personal CSS, JavaScript, and JSON. Because editing the interface for the entire wiki or for certain users can lead to potential security issues, you should be careful who you give this to! Only give it to trusted users. Administrators can by default also edit the interface, so this group doesn't need to be granted to administrators for them to be able to edit system messages or sitewide/personal CSS/JS/JSON.

By default, interface administrators may be promoted or demoted by bureaucrats only.

Click "Expand" to see this group's permissions
# Permission Description:
1 editinterface Edit the user interface
2 editsitecss Edit sitewide CSS
3 editsitejson Edit sitewide JSON
4 editsitejs Edit sitewide JavaScript
5 editusercss Edit other users' CSS files
6 edituserjson Edit other users' JSON files
7 edituserjs Edit other users' JavaScript files

Bots

Bot (in the "bot" group) is a group which classifies a user as an automated process or bot. These users have their edits hidden in the Recent Changes by default to prevent them from clogging the page (though you can view their recent actions by removing the "Human (not bot)" filter in Special:RecentChanges). In addition to that, they have certain other permissions assigned to them to prevent them from getting caught in the CAPTCHAs, prevent them from getting caught in IP-based rate limits, among a few other permissions to prevent any interference for legitimate bots.

By default, bots may be promoted or demoted by bureaucrats only.

Click "Expand" to see this group's permissions
# Permission Description:
1 apihighlimits Use higher limits in API queries
2 autoconfirmed Not be affected by IP-based rate limits
3 autopatrol Have one's own edits automatically marked as patrolled
4 bot Be treated as an automated process
5 editsemiprotected Edit pages protected as "Allow only autoconfirmed users"
6 nominornewtalk Not have minor edits to discussion pages trigger the new messages prompt
7 suppressredirect Not create redirects from source pages when moving pages
8 skipcaptcha Perform CAPTCHA-triggering actions without having to go through the CAPTCHA

Rollbackers

Rollbacker (in the "rollback" group) is a group which allows users to quickly revert all the edits made by the last user who edited a certain page. The ability to rollback is already included in the administrator toolset so you do not need to promote administrators to this group for them to be able to roll back edits.

By default, rollbackers may be promoted or demoted by administrators.

Click "Expand" to see this group's permissions
# Permission Description:
1 rollback Quickly rollback the edits of the last user who edited a particular page

Autopatrolled users

Autopatrolled (in the "autopatrolled" group) is a group which allows users' edits to be automatically 'patrolled' (marked as "reviewed") and prevent them from appearing in the Recent Changes with a red exclamation point. These users can also mark other's edits as reviewed. This permission is typically granted to users who have shown that they don't need to be monitored.

By default, autopatrolled users may be promoted or demoted by administrators.

Click "Expand" to see this group's permissions
# Permission Description:
1 autopatrol Have one's own edits automatically marked as patrolled
2 patrol Mark others' edits as patrolled
3 patrolmarks View recent changes patrol marks
4 skipcaptcha Perform CAPTCHA-triggering actions without having to go through the CAPTCHA

Confirmed users

Confirmed users (in the "confirmed" group) are users who can bypass certain restrictions set on new accounts, such as CAPTCHAs, and can edit pages protected against non-(auto)confirmed users. This is done to prevent spam.

By default, confirmed users may be promoted or demoted by administrators.

Confirmed users are granted these permissions by default:

Click "Expand" to see this group's permissions
# Permission Description:
1 autoconfirmed Not be affected by IP-based rate limits
2 editsemiprotected Edit pages protected as "Allow only autoconfirmed users"
3 skipcaptcha Perform CAPTCHA-triggering actions without having to go through the CAPTCHA

Autoconfirmed users

Autoconfirmed users (in the "autoconfirmed" group) are users who can bypass certain restrictions set on new accounts such as CAPTCHAs, and can edit pages protected against non-autoconfirmed users just as those in the "confirmed" group, except that they are, by default, automatically promoted to autoconfirmed after their account reaches 4 days of existence and 10 edits made. If you don't wish to wait that long, you can forcefully promote a user to confirmed to allow them to bypass CAPTCHAs and edit semi-protected pages without meeting the threshold for automatic promotion to autoconfirmed. This is done to prevent spam.

In addition to the above, autoconfirmed users are also given these permissions:

Click "Expand" to see this group's permissions
# Permission Description:
1 createaccount Create new user accounts
2 mwoauthproposeconsumer Propose new OAuth consumers
3 mwoauthupdateownconsumer Update OAuth consumers you control

Members

Member (in the "member" group) is a group given to users on private wikis which allows them to read a wiki. Apart from being able to read the wiki, they hold no other special permission.

By default, members may be promoted or demoted by administrators.

Click "Expand" to see this group's permissions
# Permission Description:
1 read Read pages

Users

User (in the "user" group) is a group that is made up of all registered users, whether they have any advanced group or not.

No one can revoke the user user group from a user. Though they can be banned, they can never lose their user group.

Click "Expand" to see this group's permissions
# Permission Description:
1 applychangetags Apply tags along with one's changes
2 changetags Add and remove arbitrary tags on individual revisions and log entries
3 createpage Create pages (which are not discussion pages)
4 createtalk Create discussion pages
5 edit Edit pages
6 editcontentmodel Edit the content model of a page
7 editmyusercss Edit your own user CSS files
8 editmyuserjson Edit your own user JSON files
9 editmyuserjs Edit your own user JavaScript files
10 minoredit Mark edits as minor
11 move Move pages
12 movefile Move files
13 move-categorypages Move category pages
14 move-rootuserpages Move root user pages
15 move-subpages Move pages with their subpages
16 purge Purge the cache for a page
17 reupload Overwrite existing files
18 reupload-shared Override files on the shared media repository locally
19 sendemail Send email to other users
20 upload Upload files
21 torunblocked Bypass automatic blocks of Tor exit nodes

(everyone)

(everyone) (in the "*" group) is a group that is composed of all registered and non-registered users. This means that this includes both users and IP editors.

Removing permissions from this group is useful to prevent IP editors from doing certain actions. If you remove a permission from this group, you should ideally move it to the "user" group to allow users to be able to do the action (such as editing).

Click "Expand" to see this group's permissions
# Permission Description:
1 createaccount Create new user accounts
2 createpage Create pages (which are not discussion pages)
3 createtalk Create discussion pages
4 edit Edit pages
5 abusefilter-log-detail View detailed abuse log entries
6 abusefilter-view View abuse filters
7 abusefilter-log View the abuse log

Restricted local user groups

On all wikis, a few groups exist which are not assignable by bureaucrats. These groups are only assignable by users in global groups with the userrights/userrights-interwiki permission in their toolset as all these user groups wield an immense amount of power locally.

Check users

CheckUser is a special group and tool which allows its wielders (called Check users) to check users' IP addresses, user-agents, along with some other information. This permission is only used when investigating sockpuppetry or platform abuse and is not assignable by local bureaucrats. CheckUser is, by policy, restricted for use only by Stewards and Trust and Safety.

Click "Expand" to see this group's permissions
# Permission Description:
1 checkuser Check users' IP addresses and other information
2 checkuser-log View the checkuser log

Local Interwiki administrators

Interwiki administrator is a local group which allows its users to edit the local interwiki table of a specific wiki. Unlike global Interwiki administrators, local Interwiki administrators can only edit their local wiki's interwiki table.

To be a local Interwiki administrator, an election must first be held on the wiki where Interwiki administrator is requested, and the candidate must meet eligibility requirements. Refer to the Interwiki administrators page for more information.

Local interwiki administrators may only be promoted or demoted by Stewards, in compliance with policy.

Click "Expand" to see this group's permissions
# Permission Description:
1 interwiki Edit interwiki data

Oversighters

Oversight is a special group which allows its wielders (called Oversighters) to completely suppress and hide log entries and revisions from everyone who is not an Oversighters, including local administrators and even Stewards themselves when they do not have the oversight flag on. It is typically only used to hide personal information and is not assignable by local bureaucrats. Oversight is, by policy, restricted for use only by Stewards and Trust and Safety.

Click "Expand" to see this group's permissions
# Permission Description:
1 abusefilter-hidden-log View hidden abuse log entries
2 abusefilter-hide-log Hide entries in the abuse log
3 browsearchive Search deleted pages
4 deletedhistory View deleted history entries, without their associated text
5 deletedtext View deleted text and changes between deleted revisions
6 deletelogentry Delete and undelete specific log entries
7 deleterevision Delete and undelete specific revisions of pages
8 hideuser Block or unblock a username, hiding or unhiding it from the public
9 suppressionlog View private logs
10 suppressrevision View, hide and unhide specific revisions of pages from any user

Local Stewards group

Steward is a special local group rarely granted by Stewards to themselves. This local group differs from the Steward global group in that this group only affects Stewards locally on one wiki. Stewards typically assign themselves this group to manipulate local permissions while on that wiki instead of using Meta to remotely change permissions. Typically, this is in certain circumstances where the local wiki has a custom local user group that does not exist on Meta Wiki and temporarily adding the local bureaucrat to themselves would not work as the custom local user group is hierarchically higher than the local bureaucrat user group.

Click "Expand" to see this group's permissions
# Permission Description:
1 centralauth-usermerge ⧼right-centralauth-usermerge⧽
2 usermerge ⧼right-usermerge⧽
3 userrights User rights

Global groups

Global groups are user groups which have certain permissions across all Miraheze wikis. Their permissions cannot be revoked or changed by local bureaucrats and administrators.

Stewards

Stewards (in the "steward" global group) are community elected officials who "work with communities to address issues facing them locally such as disputes, abusive or disruptive behaviour as well as global issues such as disruptive behaviour across multiple wikis." They have full access to all parts of the MediaWiki interface, including CheckUser and Oversight.

For more information, please check Stewards. For a list of this group's permissions, see Special:GlobalGroupPermissions/steward.

Global sysops

Global Sysops (in the "global-sysop" global group) "are users who assist Stewards in supporting the community and working with communities to address issues facing them locally as well as cleaning up vandalism, preventing it when possible and enforcing Miraheze's global policies."

For more information, please refer to Global Sysops. For a list of this group's permissions, see Special:GlobalGroupPermissions/global-sysop.

Global rollbackers

Global Rollbackers (in the "global-rollbacker" global group) are trusted users with a track record in countering vandalism who help Global Sysops and Stewards fight vandalism by monitoring wikis and reverting spam and vandalism where detected using their rollbacking abilities.

For more information, please refer to Global Rollbackers. For a list of this group's permissions, see Special:GlobalGroupPermissions/global-rollbacker.

System administrators

System administrators (in the "sysadmin" global group) are users who work at Site Reliability Engineering which maintains Miraheze's infrastructure and keeps Miraheze running smoothly. These users have permissions assigned to them to ensure they can debug any broken feature or fix anything that is broken.

For more information, please refer to Tech:SRE Volunteers. For a list of this group's permissions, see Special:GlobalGroupPermissions/sysadmin.

Trust and Safety

Trust and Safety (in the "trustandsafety" global group) works to resolve issues which affect Miraheze's trust and safety. They work to enforce the Terms of Use and to investigate potential abuse on the platform. These users are granted permissions that allow them to investigate fully and redact any personal information.

For more information, please refer to Trust and Safety. For a list of this group's permissions, see Special:GlobalGroupPermissions/trustandsafety.

Global Interwiki administrators

Global Interwiki administrators (in the "global-interwiki-admin" global group) are users who can edit the interwiki table for any wiki across all of Miraheze. Unlike local interwiki administrators who can only edit the interwiki table for their wiki, global interwiki administrators can edit the interwiki table of any wiki upon request.

Interwiki administrators cannot edit the global interwiki table (located at Meta) though, only Meta administrators can.

For more information, please refer to Interwiki administrators. For a list of this group's permissions, see Special:GlobalGroupPermissions/global-interwiki-admin.

Click "Expand" to see this group's permissions
# Permission Description:
1 interwiki Edit interwiki data

Global IP block exemption

A global IP block exemption (granted by the "global-ipblock-exempt" global group) is a special type of exemption which is given to users who are affected by 'hard' IP range blocks, StopForumSpam automatic blocks or to who can't edit wikis because they use Tor.

Most Miraheze wikis allow registered users to edit if they use a StopForumSpam-blocked or Tor IP range, which makes granting global IP block exemptions rare.

For more information, please refer to Global IP block exemption. For a list of this group's permissions, see Special:GlobalGroupPermissions/global-ipblock-exempt.

Global flooders

Global Flooders (in the "global-flood" global group) are users or automated scripts who are treated as bots by MediaWiki on all wikis. This means their edits do not appear in pages such as the Recent Changes so as to not flood these with their repetitive actions. Granting this permission to any non-system administrator to run this process is very rare and has never been done, though it can be done at a Steward's discretion.

For more information, please refer to Global Flooders. For a list of this group's permissions, see Special:GlobalGroupPermissions/global-flood.


Default user groups by extension

Some extensions add a few user groups to the ones already existing on-wiki.

Translation administrators

Translation administrators are the users with the ability to mark pages for translation using the Special:PageTranslation interface that is the part of Translate extension. Translation admins decide which pages and text should be marked for the translation.

Click "Expand" to see this group's permissions
# Permission Description:
1 pagelang Change page language
2 translate-import Import offline translations
3 translate-manage Manage message groups
4 pagetranslation Mark versions of pages for translation