How to set employee permissions for responding to forum threads

We have the following documentation on changing permissions.  In 11.x we only support permission changes at the group or application level.  In the upcoming 12 release, we provide options to customize default permissions for each group type.

If you want the permissions across all forums within a group, you would change the permissions at the Manage Group > Permissions panel.  These would be the default permissions for every forum within the group, unless you've changed the permissions for the forum within the Manage Forum > Permissions panel.

The forum permission 'Create Reply' would be used for allowing employees to respond to questions and discussion.   You would need to remove this permission from any role you do not want to have it.

The splitting of threads required the forum permission 'Moderate and Review Abuse' permission, which in your case would unfortunately also allow them to review abuse.

Moving a thread requires the user to have the forum permission 'Edit Discussions, Questions and Replies' in the source forum.  They will also need to have the 'Create Discussion/Question' and the 'Create Reply' permissions within the destination forum.

The group permission 'Manage Group Theme' is used to allow or deny roles the ability to edit pages or themes.

This is really helpful, Brian Dooley , thank you!

Just to confirm (and again, a Verint 101 question): I first need to ADD these new roles at the site level, using Administration/Members/Roles, correct? 

When I do add them at the site level, do I give them any site-level permissions? Or can I just leave everything unchecked and just head off to Manage Group Permissions next?

I think that's correct, but permissions make my head hurt, so I'm double checking. Thank you!

And one more follow up:

Currently, the Employee role has NOTHING checked at either the site level or the group level. And yet, when I impersonate employees on our staging area, I am able to post questions/discussions and reply to questions/discussions. Why is that possible if the "create reply" and "create post" permissions are UNCHECKED? I just don't understand how this is supposed to work. 

This would be because your employees are also members of the Everyone and Registered Users roles which likely have these permissions.

Permissions are inclusive.  If I have the permission in any role, I have the permission, there is no way to explicitly deny a permission to override it being granted somewhere else.

Yes, you would first need to create the roles via Administration > Members >Roles.  Site level permissions are only for site level actions.  If you wish to grant them any site level permissions, this is where you would grant them.  Otherwise, yes just head to the Manage Group > Permissions panel.

I think there is a way.  For example, we have certain users in a specified site role.  They are also inherited into the Registered User role and the Everyone role.  We have Create Discussion/Question checked for Member and unchecked for the 3 roles I mentioned above.  When a user joins a group, they also become a Member.  The Member permission allows creating posts, but we seem to be able to override that permission from the extra specified site role they are a part of and changing the permission settings for it within the application (Forum) permissions.  I was under the impression if permissions are set at the application level they take precedence over permissions at the group level.  Sorry if I'm adding more confusion, I just want to make sure I understand.  What I described here is what we have implemented and it is working to restrict the posting for a certain role even if they are a member of the group.

Hi Matt Nevill , OK first of all, I think I just saw a post from you on the Chicago group? Worlds colliding! Good to meet you here, too. I am in a new position and so launching Verint for the first time. (At my old position, we used Igloo).

Second of all, FWIW, I was under the same impression that site-level permissions always trump group-level permissions. But then Brian Dooley shared this resource, which seems to connote otherwise: (2) How do I change permissions for members of a group? - User Documentation - Verint Community 11.x - Telligent Community. I found the chart at the bottom of that resource to be pretty helpful, so thought I'd point it out just in case.

Matt Nevill , Application permissions do override group permissions when they are set for the same role.  If a site role registered users has the group level permission to create a forum post, and you customize the forum permissions and remove the permission for registered users, this will cause the registered users to not be able to create posts in the specific forum.  However, if members of the registered users role are also a member of another role that still has the permission, you would have to explicitly remove the permission from that role within that forum application.

Thanks for the confirmation.  That is my understanding as well, but it took a lot of reading and conversations for it all to finally make sense.  If some example scenarios using both site and group roles could be added to the documentation I think that would be very helpful to new Verint admins.  It would be especially nice if it could be a video explanation.