How do I change the default set of Group permissions for Owners, Managers and Members

Question

How do I have SYSTEM WIDE change the permission schema for Owners, Manager and Member? 
 I know there is an override to the default possible but it is a tedious operation having to do this for every permission setting 
 The use case is: I have a community where owners permissions need to be reduced to manager role. 
 Though your reaction is: Why do you not assign manager role to them? The system also has other hard wires to the owner role that are needed for this owner- role. 
 I just need to take away on system level owner permissions instead of having to deselect it every time I create one of hundreds of groups.

Patrick M. · Accepted Answer

Changing the default templates is only available in 12.0. You would go to administration->Groups and select Membership Types to deal with group default roles or Global Permissions for site roles.

Patrick M. · Answer

In v11 there is no option to modify a template, the best solution would be a plugin or automation that sets permissions individually on create, update or whatever is appropriate for your scenario

Former Member · Answer

PermissionIds are static, and exposed via script extensions for each application, e.g. core_v2_blogPermissions Script API , calendar_v1_permissions Script API , etc. (Also for groups: core_v2_groupPermissions Script API ) So you can know ahead of time what permissions would be available for each application, and set them at the group level, which would then be applied as the default for any new applications created in the group. (The reason I mentioned first creating a test group with applications would be to compare your desired permission list against the existing/out-of-the-box default list, to know which permissions need to be added or removed by your customization.) 
 Drop the ApplicationId portion out of the Set call: 
 $core_v3_permission.Set($isAllowed, $roleId, $permissionId, "%{ GroupId = $groupId }")) 
 
 $roleId would be the specific Group/Site role Id you want to alter this permission for 
 $permissionId would be the static value from one of the provided permissions extensions 
 $groupId would be the specific Group you're making this change for 
 
 Then, you can confirm by viewing Manage Group > Permissions > Group Roles > Members (or whatever role you are setting for) and checking there to confirm the permission is being set as expected.

Former Member · Answer

You can trigger from the Group.AfterCreate event and set Application permissions for the group for any role (site or group). To do this, just specify the GroupId in the options of the core_v3_permission.Set call. Any applications created after permissions at the group level have been set will inherit their initial permissions from the Group's configuration.

Former Member · Answer

Ok, I'm able to reproduce this behavior now. I'm logging a bug. The issue lies with the timing of creating the blog and then listing permissions. If no core service operation has occurred, then listing permissions can erroneously return an empty list, even though the permissions exist and have been created successfully. 
 As mentioned, any core service operation will populate the necessary record in the core Applications table. Search Indexing will do it, Activity Story creation (e.g. if a blog post is created that generates an activity story), and many other operations related to content like tags, views, etc. As I mentioned, these permissions do exist and will be properly checked, but they are not returned when listing via the API due to this timing issue. 
 
 Thanks for your patience and persistence tracking this one down.

Verint | Telligent Community · Answer

TE-17187: Can't view permissions via API for newly created blog has been completed for 12.1.1 , 11.1.11 , 12.0.5

How do I change the default set of Group permissions for Owners, Managers and Members

Top Replies