Requiring Administrator Approval of New Members (Gatekeeping Function)

Hello.  I am new to Nabble and am evaluating this as a potential candidate for embedding discussion forums in a school intranet site (K-JrHigh) for parents/faculty to communicate.  As the subject matter of any forum discussions would be concerning children and families, we really don't want just anyone to be able to register and be automatically approved to begin viewing the forum.  We would like to be able to verify the identity of the user or have some sort of administrative approval (gatekeeper function) before they are able to come in and lurk about, even if they never post.  Is there a way to do this?

You need to look at permissions and change them when you are in the outermost layer of Nabble, then they will apply to everything else (Inherit)... Options > Users > Change Permissions > ...
Note: my outer most layer is accessible to me via the breadcrumb links at top of page...
Ensure that only Admin or Members are allowed to perform the function.

With mine, Anyone can read everything...
Users have to register in order to get a user name, but cannot post until they have Logged in.
When they log in, I check to make sure that they are from our local area, by looking on their websites.

You will need to force users to register and log in BEFORE they can do anything.

OK, so if go to "Options" from my very top level forum page, then Users>>Change Permissions...

I have "View" set to "Administrators" "Members" "Authors" as enabled (checked).

Same for "Create Topic" and "Reply"

Everything else is pretty much Administrator Only.  Nothing is checked for "Anyone" or "Authenticated".

When I test it with another email address, and go to the forum main page and click "register", then go through the process of registering, I get an email that has a link to click.  I click the link, and there I am viewing the forum!  What I want is for the verification to go through another layer... requiring their registration to be held for an administrator to "OK" them to even see/browse the forum.  

"Members" appear to self-approve and I don't know how to make it more restrictive without disabling "View", which would make the forum useless (I think...?) even to members unless everyone is an administrator, which could get understandably chaotic

Am I just missing something?

The "View" permission is certainly the configuration you have been looking for. Please be sure that you disabled that permission for "Anyone" and "Authenticated" and left only "Administrators" and/or "Members" checked. If you still have issues, please post the link to the forum and we will take a look.

Thank you for your reply, Hugo.  

I think I figured out what was happening. I had manually added my "non-admin" account as a member, but it was also in the "authenticated" list.  Once I removed myself as a member, it took me to the screen to request access, which is what I need.

Can you tell me if there is a way to customize the verbiage on the screen where an authenticated person (provided email address, but not yet on the member list) requests access?

Hello DragonPrincess,

I am assuming that you already have, or have access to, the parents’ and faculty’s e-mail addresses. Regarding your need for gatekeeper function, here’s what I did:

Register with Google (http://www.google.com/accounts/)
Create a form in Google Docs (It’s quite simple)
     The form should include fields for user replies such as, for example:
          Full name
          Username
          E-mail address
          Password

Feel free to add other form fields as your project warrants. Test the form by emulating information that a user would enter into the fields.

You can embed the form in an e-mail, or direct your recipients to the form’s permalink (URL) where they can fill it in online. Google Docs will automatically take the user information from your forms and put the user information into an Excel spreadsheet that you can download!

You can cross-verify your original mailing list against the users in your spreadsheet who have filled out your form for any “unknowns” who may be trying to hack/spam your forum. In Excel you can check for duplicates between your original email list and the e-mail addresses in the user-supplied forms. You do this by appending your original e-mail addresses into the Excel column in which your form’s e-mail addresses are. Highlight the entire column of data, then click on Home > Conditional Formatting > Highlight Cell Rules > Duplicate Values. Accept the default formatting. The dupes will be highlighted. Highlighted duplicates in the form’s data area of the column indicate that the users are legitimate. Non-highlighted entries in the form’s area may indicate possible unsolicited people filing out your form in an attempt to gain access to your forum.

I use the spreadsheet data to register each user into Nabble’s Register Now screen. I then send an e-mail to each user notifying that I have registered him/her. I always indicate that the user should look for the Nabble verification e-mail in the SPAM folder (usually where it winds up!). My e-mail also includes the user’s login Username, E-mail Address, and Password, so that the user has these for her/his records when they want to log in.

All the user has to do is click on the Nabble link in the verification e-mail that Nabble sent them, and their registered!

At that point, you can use Nabble’s Authenticated list (Options > Users > Manage Users & Groups) to enter your members’ info into your Members list there. Only those users who responded to Nabble’s e-mail should appear in the Authenticated list. Those who don’t appear should be sent another e-mail so that they are reminded to locate and use the Nabble e-mail.

In Nabble, you should set your Permissions only in the Members column (and you as Administrator, of course). Do not allow any checkmarks in the “Anyone” or “Authenticated” columns. It’s strictly members-only!

I’d recommend making it a point of checking to be sure that each user whom you have registered has “Registered” status in Nabble. Go to People> Members and you’ll see the usernames of each member, and their status as “Registered” or “Unregistered.” Unregistered users can be problematic, as they can’t login! That also means that you can’t login as them to delete them and start all over again. The best option is to start from scratch by asking your Unregistered member to provide a different e-mail address, username, and password. My members have not reacted kindly to this, especially as they have to set up a different e-mail account.

Also make sure that your forum’s privacy settings are properly configured. You can test this by posting a topic and a comment. It should show “private” on the screen. Also, check your forum settings regarding making your site public. When I first set up my Nabble forum, I temporarily created a few free e-mail accounts (AOL, gmail, hotmail) and used these to verify the entire process and user experience, including posting topics, replies, comments, etc. I later deleted these temporary e-mail accounts once I had thoroughly tested my forum site.

What I have described will not only give you basic gatekeeper capabilities, but it will allow you to quickly and definitively prevent anyone who tries to register themselves to you forum.  Even better, if anyone on your mailing list causes problems on the site, you have their Username, Password, and E-mail Address. You can log in as them, go to the offender’s profile, and delete them (something you can’t do if you let your users perform their own data entry on Nabble’s Register Now screen). “Banning” users is a joke, by comparison to deleting them!

Hopefully, this will help you.

Regards,
The Magazine Collector

Hello Again DragonflyPrincess,

I’ve re-read your initial question. My last post addressed issues specific to gatekeeper functions for Nabble. However, your remarks about embedding a discussion forum into your school’s intranet deserve some comments.

You should not embed the forum into an intranet. Intranet gatekeeper functions require that no one but school staff is ever allowed access to your intranet. Perhaps you meant an extranet, which is an intranet that can be partially accessed by authorized outside users so that your faculty can securely exchange information with parents over the Internet. Your web designer and webmaster will create the appropriate firewalls and secure outside-user access protocols (gatekeeper functions) appropriate to your extranet.

However, perhaps you should consider the issues of your forum's content. What information about the children and families are you going to make available to those who are able to come in and lurk about? My usual interpretation of how I administer my forums is that I’m going to be hand-off as to controlling or limiting what my members post. To me, that’s what a private members-only forum is all about.

Your initial information strongly suggests to me that my exposing your level of forum content to those who are able to come in and lurk about would not be fair to my forum members…I wouldn’t be respecting their legitimate assumption of privacy.

I have encountered such concerns in one of my three Nabble applications. I have a photos/images/video Gallery page embedded in one of my website’s pages. I was concerned as the administrator that I was opening a door to inappropriate images, videos, etc. So I developed two Nabble applications:

1.  Gallery Posting forum (private forum where members submit photos/content)
2.  Gallery Viewing forum (embedded in website for public viewing of filtered content)

I personally don’t relish being a censor, and I do my best to avoid filtering at all. However, as an administrator, I do have to abide by Nabble’s content policies (as well as Google’s, since my website is powered by Google).

My website is designed to not only give unknown viewers a taste of what they could get if they joined, but also to acknowledge and reward my members by showcasing some of their behind-the-scenes contributions.

Again, I hope this helps you.

Regards,
The Magazine Collector