Contents
Permissions
Permissions are a core element of Hubzilla. They allow very fine-grained options for making content accessible, hiding it or restricting its use. They are also used to make direct messages possible by using authorisations to determine who can see the post (direct messages are nothing else) and who cannot.
Permissions for content
If you share content on Hubzilla, i.e. publish posts, upload images or texts, enter appointments in the calendar, you can define exactly who has access to this content. You can access the permission settings for content via a button ("Privacy Tool") with a padlock symbol 🔒or 🔓.
For sharing posts: 
For creating folders/directories in the cloud storage: 
For uploading files: 
For sharing dates/events: 
There are also corresponding permission setting options for websites, wiki pages and various other content.
If you click on the icon, the permissions dialogue opens, which you can use to set the permissions for other users (this is usually about the visibility of content).
You have the choice between
- Public - As the name suggests, the content is visible to everyone on the Internet. So even for users who do not use a Fediverse service.
- Only me - Here, only the user who created the content can see it. They ‘share’ it with themselves.
- Privacy groups - The content is visible to all users who are in one of your privacy groups.
- Customised selection - Here you can specify exactly who can see the content. It is also possible to combine privacy groups and individual contacts by selecting ‘Allow’ or ‘Deny’ for the respective entry.
Important note: Once permissions for postings have been set, they can no longer be changed! A posting is immediately distributed to an indeterminable number of other servers, so that permissions cannot be subsequently granted or withdrawn, whereas permissions for other content such as files, images, etc. can be subsequently edited because this content is only stored on your own instance (hub) and only the reference to the content is passed on when it is shared.
Permissions - User-defined channel roles
Channel roles define which rights are granted when interacting with a channel. They can be accessed under ‘Settings’ → ‘Channel settings’.
The role for a channel can be defined here. Channel roles also have an influence on contact roles because individual rights that are specified and inherited from the channel roles overwrite your own settings there. To truly customise the role permissions of your channel, you must select ‘User-defined’ as the channel role.
The other roles (‘Public’, ‘Personal’, ‘Community Forum’) are predefined authorisation roles (see: Channel roles).
With the customised channel roles, you can define who can perform the following interactions and how:
- Can see my channel stream and my posts
- Can send me the posts from their channel
- Can see my default profile
- Can see my connections
- Can see my file and image folders
- Can upload/modify my file and image folders
- Can see the web pages of my channel
- Can see my wiki pages
- Can create/edit web pages in my channel
- Can edit my wiki pages
- Can publish posts on my channel page (‘wall’)
- Can send me direct messages
- Can like/dislike profiles and profile stuff
- Can chat with me
- Can quote/mirror my public posts in other channels
- Can administer my channel
The following authorisations are then available for these interactions:
- Only me
- Only those you explicitly allow
- Accepted connections
- Any connections
- Everyone on this website
- All Hubzilla members
- Anyone authenticated
- Anyone on the Internet
To edit the custom role, select ‘Privacy settings’ in the settings. At the bottom right you will find the button ‘Custom channel role configuration’. If you click on it, a warning dialogue appears, which draws your attention to the risks of incorrect configuration. If you confirm that you want to edit the rights, the settings dialogue for the user-defined role rights opens.
Important note: The user-defined roles should be set with caution and harbour the risk that the channel will no longer behave as desired with certain configurations.
Permissions - Contact roles
Contact roles are used to create roles (i.e. a collection of rights and options) for contacts. These roles can then be assigned to a contact or all contacts in a privacy group (not the group itself). This restricts or extends the possibilities of contacts.
The ‘Contact roles’ app can be used to create roles that correspond to the channel roles. This permission role can then be assigned to individual contacts or all contacts in a privacy group in the contact editor or privacy group editor.
After creation, each channel automatically has the ‘Standard’ contact role (‘System role - not editable’). New contacts are automatically assigned this contact role (unless you create your own contact role, change this default setting and assign the new, customised role to new contacts in future). The default contact role includes authorisations based on the selected channel role. In addition to the rights granted by the channel role, some other rights are granted so that the channel behaves as you would expect based on the channel role (e.g. ‘Public’ is most similar to a ‘normal’ social network channel).
Note: Some of the rights of a channel role (whether standard or self-created) are inherited from the channel role. These rights cannot be revoked in the contact role. The contact role is a whitelist in which only additional rights can be granted.
You can assign a contact role to a contact in the connection editor. This dialogue also appears when you add a new contact. By default, the contact role for which the ‘Automatically assign this role to new contacts’ switch has been activated is selected here.
For channels without self-defined contact roles, this is always ‘Standard’. There is also a ‘Contact Roles’ button in the connection editor which takes you to the contact role editor if you want to create a new contact role for the contact.