Thank you for the reply and telling me what the _a permission stands for. That narrows it down a lot.
We did have the issue during conversion that for some reason the "Registered Users" group (which everyone is part of) was assigned to have admin access. We did remove that group from admin permissions via the ACP. The ACP now shows only the "Administrators" group as having permissions and no individual users having admin permissions.
The "Administrative permissions" mask view for regular users shows all permissions as Red/"Never", I tested a couple of random individual user masks.
However, our acl_groups table does contain tens of thousands of entries, as you suspected: I didn't check exactly, but it seems there's a combination of most groupids and every single forum_id and auth_option_ids, with auth_role_id mostly 0 and auth_setting 1 (except for auth_option_id 0, in those cases auth_role_id is 10 and auth_setting is 0), a total of 36.735 rows.
Similarily, we have 12.135 rows in the acl_users table, which also seems a lot. Here literally every single auth_role_id is 0 and auth_setting is 1.
Actual admin permissions should only exist for the default admin group, which has exactly two members. The vast majority of users will only ever have the "registered user" group, with close to standard user permission (we only did minor changes to the roles such as disallowing own-post-edit/delete). There are a couple of other groups, but none of them have more than a hundred members or so, and those mostly get additional forum access permissions for various categories/subforums.
However, I'm still unsure how to proceed or how to fix it. We did try to "purge cache" in the general settings, which did not help, and I don't want to manually mess with the DB without knowing exactly what the various ACL table schemas actually mean.
EDIT: Just for context, the migration from vb3 to phpbb3.3 was no mean feat. I found an old migration script for phpbb3.1 and php5.6 and had to extend it a bunch to get it to work at all, so some errors such as the permissions etc. were deemed acceptable. The total migration script took almost 2 full days simply to run for our 2 million posts, and only then we could upgrade to new phpbb with php8.3 .
We did have the issue during conversion that for some reason the "Registered Users" group (which everyone is part of) was assigned to have admin access. We did remove that group from admin permissions via the ACP. The ACP now shows only the "Administrators" group as having permissions and no individual users having admin permissions.
The "Administrative permissions" mask view for regular users shows all permissions as Red/"Never", I tested a couple of random individual user masks.
However, our acl_groups table does contain tens of thousands of entries, as you suspected: I didn't check exactly, but it seems there's a combination of most groupids and every single forum_id and auth_option_ids, with auth_role_id mostly 0 and auth_setting 1 (except for auth_option_id 0, in those cases auth_role_id is 10 and auth_setting is 0), a total of 36.735 rows.
Similarily, we have 12.135 rows in the acl_users table, which also seems a lot. Here literally every single auth_role_id is 0 and auth_setting is 1.
Actual admin permissions should only exist for the default admin group, which has exactly two members. The vast majority of users will only ever have the "registered user" group, with close to standard user permission (we only did minor changes to the roles such as disallowing own-post-edit/delete). There are a couple of other groups, but none of them have more than a hundred members or so, and those mostly get additional forum access permissions for various categories/subforums.
However, I'm still unsure how to proceed or how to fix it. We did try to "purge cache" in the general settings, which did not help, and I don't want to manually mess with the DB without knowing exactly what the various ACL table schemas actually mean.
EDIT: Just for context, the migration from vb3 to phpbb3.3 was no mean feat. I found an old migration script for phpbb3.1 and php5.6 and had to extend it a bunch to get it to work at all, so some errors such as the permissions etc. were deemed acceptable. The total migration script took almost 2 full days simply to run for our 2 million posts, and only then we could upgrade to new phpbb with php8.3 .
Statistics: Posted by Senshi_x — Mon Nov 18, 2024 2:18 pm