The security model of the Forums module has two parts:
1. Security of the Forums module administration interface.
2. Security of the forums published on the website.
Access to the Forums module administration interface in CMS Desk -> Tools can be managed in the Modules -> Forums permission matrix at CMS Site Manager -> Administration -> Permissions (or CMS Desk -> Administration -> Permissions; only applies to the current site):
•Modify - allows users to modify forum settings
•Read - allows users to only read forum settings
Users without any permissions who are moderators of at least one forum are allowed to access the Posts waiting for my approval dialog only.
If you Edit () some forum and switch to its Security tab, the permission matrix displayed in the screenshot below will be displayed.
Columns of the matrix represent the following actions:
•Access to forum - defines who can enter the forum and view posts
•Attach files - defines who can attach files to forum posts
•Mark as answer - defines who can mark posts as answers in Question - Answer forums
•Post - defines who can add posts to the forum
•Reply - defines who can reply to forum posts
•Subscribe - defines who can subscribe for receiving notifications about new posts in the forum
Rows in the top part of the matrix have the following meanings:
•Nobody - the action can't be performed by anyone
•All users - anybody can perform the action
•Authenticated users - only signed-in registered users can perform the action
•Authorized roles - only members of roles specified in the lower part of the matrix can perform the action
Below the permission matrix, there is one more check-box:
Allow user to change the name - if checked, users can change their name displayed with a forum post when entering the post; if unchecked, their user name will be used
The following properties of the Forum group web part are also related to forum security:
•Hide forum to unauthorized users - indicates whether forums for which the user has no permissions are visible for them in the list of forums in a forum group
•Redirect unauthorized users - determines whether to redirect unauthorized users to the logon page or whether to display only an info message
•Access denied page URL - URL where the user is redirected when trying to access forum for which they are not authorized