I created a category and a forum but do not appear in the list of categories and forums
congratulations. [originally posted on jforum.net by triplox-xxx]
Migrated From Jforum.net
Joined: Apr 22, 2012
Soryy for the delay, just getting back from a weeks vacation.
I assume the category and forum was created via the admin screens. If so, make sure that the user is in a group that has rights to see this. Some of the "security" options that can be set when the category or forum is created can deny the admin user access.
It also might be because you are either in a clustered environment (not well supported by jforum) or did this directly via the db. In that case, try restarting the jforum web app to update the in-memory caches. [originally posted on jforum.net by monroe]
The need as "Admin" to reset group security permissions to see newly created forums is infuriating at best and stupid at worst.
However one internally implements security in a product, there has to be a controlling user or role for a function - such as creating a forum - and it's normal for that user/role to then automatically have at least view and usually update privileges on that function. Any other default behaviour is not only counter-intuitive but also a huge waste of time.
How would JForum know what that default user should be? I don't likely the current behavior because I'd like an option to make it available to all roles in a single click. But failing closed does seem reasonable.
Joined: Jun 30, 2014
Virtually all mature operating systems and many enterprise grade products use the concept of a "super user" that has complete control of the system. Traditionally "root" for UNIX and Linux and sort of "Administrator or Local System User" for Windows although Microsoft never seem able to make their mind up just who is the ultimate authority in their world.
Because of the need for delegated authority and/or separation of duties in larger organisations, we are certainly seeing both the availability and increased adoption of role based administration whereby the actual "super user" account is often not used directly anymore. Instead accounts with powers delegated to them by the super user are the login accounts for real people to control systems.
Clearly there are other ways of doing things but the above model has proven both sound and manageable so why change it without compelling reason?
That being said, jForum's "Admin" user could and in my opinion should be its super user. And for most people that should be the end of the matter - Admin should have all privileges and see everything as a matter of course. KISS principle and all that.
For those individuals / organisatiopns wanting something more sophisticated I suspect jForum isn't really the right product anyway. And there's always the java security manager one could invoke if paranoid.
Me, I just want to get on with building a forum capability for my web sites. A secure capability, yes. NSA proof, no.