I have some serious trouble trying to set up the security guidelines for a forum. What I want to do is set up a forum that only a specific group that I define has access to. When I tried to hide the forum from the ordinary user group, I used the following rule for the BB in the permission module to check if anything happens at all:
Shouldn't this prevent anybody from seeing any of the forums? When I registered a simple user and logged on with this account, I was still able to see each and every forum. Same thing happened when I changed the group to "USER" instead of "ALL". I have also tried to prevent users from seeing a forum by specifying the exact forum using the category:forum-name pattern, but no result. What am I doing wrong here?
I have read the security related docs in the Wiki and I think I understood them (at least I hope so), but there are still some more open questions: