After hours of trial and error, then testing, I've concluded that the " configure member roles "permission (which opens up the configure member roles tab) only works with roles that are assigned site-wide.

My situation:
Authenticated users can be assigned "group creator" permission, which only allows creation/edit/delete of group node. Once they create their group, they are automatically assigned the "group admin" role group-wide through the "founder" automatic group-wide role assign feature. The "group admin" role is given "configure member roles" permission on the permissions page. However, the "configure member roles" tab doesn't show up for this creator.

Again, the logic is: user is assigned group creator role (site-wide) which permits him to create group nodes. Once he creates the node, he is automatically assigned "group-admin" role group-wide and therefore, theoretically, granted "configure member roles" permission based off that group-wide role. However, this doesn't work.

I tested it more by granting the group creator role "configure member roles" permission, and this did allow him to configure member roles in his groups . I then assigned the group-wide role "group admin" to another group user to theoretically allow him to configure member roles himself. This, again, didn't work.

So my conclusion is that "configure member roles" permission only works when associated role is assigned site-wide by the site admin. The ugly of this fact is that I can't do this ->
1. Promote somebody in the group to "admin"
2. all promoted "admin"s are automatically given group-wide role "group admin"
3. Now all those promoted to group admin have "configure member roles" permission.

So, the temporary fix of assigning "configure member roles" to site-wide group creators (those with create group node permission), means group founders are the only ones who can configure member roles, and they can't share this responsibility with other group admins. Furthermore, it seems (i'm too tired to test) they can "configure member roles" in any group they join.

But maybe i'm dumb. Any responses?

Comments

somebodysysop’s picture

somebodysysop commented

You should NOT have to assign "Configure member roles" permission sitewide. If it doesn't work on a group level, then your "Member roles aren't working".

See "Notes" on http://drupal.org/project/og_user_roles

Also: http://drupal.org/node/325259

bio44’s picture

bio44 commented
Status: Fixed » Active

Fixed by applying user.module patch here http://drupal.org/node/325259 #31 and keeping "clear cache" checked.

To SomebodySysop: "Thanks"

bio44’s picture

bio44 commented
Status: Active » Fixed
bio44’s picture

bio44 commented

spoke too soon. sorry. Applying the patch opened up the tab, but clicking on the tab gives access denied. i double checked permissions and even rebuilt permission ran update.php.

somebodysysop’s picture

somebodysysop commented

Then, you'll need to show what the output of og_user_roles test is for the urls where access should be granted but isn't.

See: http://drupal.org/node/164038

somebodysysop’s picture

somebodysysop commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.