Lack of Documentation?

[Quercus]

Apologies for sounding like an idiot here, but I can't help feeling that the permissions system used in TS3 is needlessly complicated and is accompanied by an apparent lack of clear documentation.

In TS2 permissions were frustrating because you had set access levels in which you could only remove of grant a limited number of predefined permissions, there was no flexibility in being able to assign certain permissions from higher-level access.

With TS3 it has gone from the sublime to the ridiculous with a hideously complicated (but very flexible) permissions system that seems to be compounded by a complete lack of coherent documentation.

You now have the five different layers of access (Server Group, Client, Channel, Channel Group, Channel Client) some with predefined groups with different access levels and all of those with what appears to be a greatly expanded range of access that not only can be granted, skipped or removed, but can also be set at different power levels (and don't even get me started trying to figure out what the hell the point of the identities and security levels function is).

What appears to be lacking in all this is a simple, clear description of the system; what the typical functionality and intended use for the predefined groups are, what the token system is and how it works, what the different power levels are and what they do - the basic things that make any setup user friendly.

And why is there no copy feature for groups? If I want to set up a custom group that has some permission settings altered from the default group, why can't I copy an existing group then change what I want to?
Why do I have to create a new blank group and then try and figure out what permissions they need from scratch?

I have checked through what documentation I have found on this system (and read many of the posts on this forum) but it all seems as clear as mud and it shouldn't be.
I appreciate this is a beta version of the code but there must be some guides on how to use the permission system from within TS3 out there?

[Birdie]

(and don't even get me started trying to figure out what the hell the point of the identities and security levels function is).

Excerpt from the doc/token_guide.txt that comes with each server binary.

The mechanism controlling user permissions on a TeamSpeak 3 server is fundamentally different than in TeamSpeak 2.
In TeamSpeak 2 individual users were added to the servers database and permissions bound to a user login name and password. In TeamSpeak 3 user login names and passwords no longer exist. Instead users connect to a virtual server providing just a nickname, which is only used for how to display the user to others but in no way related to access control. To indentify a user on a TeamSpeak 3 virtual server, a public key encryption mechanism is used:
When the Client is started for the first time, it automatically creates a key pair consisting of a public and a private key. The first time a new user connects to a virtual server, his client will automatically send his public key to the server. The virtual server creates an unique identifier from this public key and stores this identifier in its database. So instead of identification with login and password, a TeamSpeak 3 server identifies users by their unique ID.
Should the user delete his private key and create a new one when connecting, he will be treated as a new individual by the server.

Regarding the security level:
You can define a minimum security level that is required for accessing your server. This feature is meant to help you when banning clients. Though you might ban an IP and an identity, real buggers might change their IP and just setup a new identity. However, a newly created identity has a security level of 8. Setting the server's required security level to say, 24, you cannot immediately connect with a newly generated identity. Instead, you have to wait roughly 1 minute while the security level is increased. This waiting period will hopefully spoil the "fun" for the bugger and eventually keep him from returning with newly created and yet unbanned identities.

Be aware of the fact that increasing the security level by 1 step will cause you to double the waiting period. I would not recommend to set the security level to above 30 as this could require a VERY long waiting period, in some cases even locking you out of your own server.

What appears to be lacking in all this is a simple, clear description of the system; what the typical functionality and intended use for the predefined groups are, what the token system is and how it works, what the different power levels are and what they do - the basic things that make any setup user friendly.

Please check the doc/token_guide.txt file that comes with the server binaries.

I have checked through what documentation I have found on this system (and read many of the posts on this forum) but it all seems as clear as mud and it shouldn't be.
I appreciate this is a beta version of the code but there must be some guides on how to use the permission system from within TS3 out there?

Please check the doc/permissiondoc.txt file that comes with the server binaries.

Yes, there could be even more documentation, but you already stated yourself that this is still a beta version. Let's hope that there is much more documentation available when the final version is released.

[Quercus]

Thanks Birdie, that explains the security level system (although it seems a very convoluted way that I can't help feel would not discourage someone intent on creating a new ID on the server).

As for the other documents you mentioned, I have already read them and they don't really shed any more light on the subject. I understand the five different tiers and how the permissions precedence works, what I don't understand is how the default groups are set up and what is the easiest way to replicate them, why they are set up the way they are and what the different power levels represent and when to use them.

[mvdstroom]

I dont think that documentation is going to solve all of the problems.

The whole permission system is WAY to complex.

Example:

I create a channel
someone joins the server
I give that person voice
that person cannot join the recently created channel

Why not? Why does this channel not have the proper default settings so that people can actually use it?

[Salah ad Din]

Thats kinda weird. A newly created channel is joinable by anybody on the servers I frequent, even Guests.