Privacy controls, or lack thereof

Should pages be locked?

A common feature request we get is to add some sort of privacy/locking to individual pages. A GM wants to add something to the campaign, but make sure their players can’t change it. I’ve been adamantly against this for a long time, and I should probably explain why.


First off, let me define what I mean by fine grained permissions. This level of permissions involves the GM being able to restrict the visibility and modifiability of an element of the campaign, be it a wiki page, adventure log post, or character. In addition, fine grained permissions involves being able to restrict access to only certain players in the campaign, like only player A can see wiki page X. This is the model I’m discussing here.


Much of Obsidian Portal’s campaign structure is built on trust. The underlying concept is that you can trust your players. They are your friends and you play a game with them. I don’t want to cast aspersions on anyone’s group, but if there are trust issues with players maliciously editing your Obsidian Portal pages, I’d hazard a guess that there are bigger problems in your group. In other words, it’s a people problem, not a technical issue. Fix the core trust issue and everything else falls into place.

That’s not to say that a player might accidentally delete or change something. That’s a legitimate concern. Still, it’s extremely rare, and there are other features that we could work on to deal with this, like the ability to revert to an earlier version. I’d much rather make that than a permissions system.


Adding privacy/locking to individual items can cause a lot of usability issues, and those translate into user frustration, which then become angry emails in my inbox. Even with our minimal privacy controls now, I still get emails frequently from people wondering why their players can’t see something (you set the page to GM-only) or why a secret page is suddenly showing up in the Recent Updates (you un-set the page from GM-only to public). If we added more granular controls, this would only get worse.

That’s not to say it’s impossible to do. Plenty of websites and software packages have fine-grained permission systems like this. But, most of them are difficult to use and cause a lot of head-scratching. Getting the interface right would take a lot of time, testing, and iterating. We’re very good at iterating our interface to make it better one day to the next, but it’s a very time consuming process. I would much rather spend that time working on cooler features.

Player Participation

The biggest Achilles Heel that I see in Obsidian Portal is the lack of player participation. Many GMs put an incredible amount of effort into their campaigns, only to see their players completely ignore it. This happens in my own campaign, and I hate the way it makes me feel. Player participation, both in Obsidian Portal, and in the campaign world as a whole, is a holy grail that I’m constantly striving for.

Now, if you’re one of the lucky ones who has a player who wants to help out, we want to make that as smooth as possible. Complicated locking/privacy controls are just an extra hurdle that said helpful player will have to navigate. It requires that the GM and player coordinate to make sure that all permissions are set correctly. If we do a good job (not easy, by the way) of making it usable, then it won’t be too hard to figure out. On the flip side, if we don’t get it just right, it will involve lots of background emails (both to you, the GM, and to us, the OP support desk) saying, “Nope, I still can’t edit it. This thing sucks!” Wouldn’t you rather they were just making their edits to your campaign instead of hassling you about options and settings?

It may seem inconsequential, but it’s not. Most people will give something a decent try once, and then quit if they’re not immediately pleased. If a player tries to edit a wiki page and is denied by the permissions, it’s going to be kind of tough to get them to do it again. Yes, they are that lazy. Seriously.

Softening Resistance

All that being said, I’m beginning to soften a bit in my resistance toward fine grained permissions. Enough requests have come in that I’m seeing that it is important to a sizable group of people. If you’re part of this group, please explain to me why it’s necessary. Tell me why I’m wrong to think that group trust is strong enough to preclude the need for such a feature. Show me examples of other places that have done it well and made it usable. Make me believe that adding it will be beneficial to Obsidian Portal as a whole.

Update (Oct 2010)

This has generated some really great discussion and forced me to think about my underlying assumptions. I am now leaning toward making 2 changes to support some of this:

Private to 1 player

Several people have requested the ability to make something private to a single player. I can definitely see this being useful for building tension or a side plot. My only concern is making it easy to use. But overall I like the idea and I’ve added it to the TODO list.

Page versioning

For cases where an edit is a mistake or malicious, I think the ability to view the change and revert to an earlier version should be sufficient. There are some performance issues I’ll need to address here, but overall I’ve got an idea on how to proceed.

Update (Jan 2011)

We’ve added player secrets, which provides exactly what people need in order to keep secrets for the purpose of adding tension and mystery to their games. Enjoy!

Update (Feb 2012)

We’ve added page versioning, which closes the other half of what complicated privacy controls could provide. No more worries that players will accidentally (or maliciously) edit your pages and sneak things in or out.

Award Winning!

Gold ENnie for Best Website 09'-11'

Silver ENnie for Best Website, Best Podcast 2012-2013
Petrified Articles
© Copyright 2010-2018 Words In The Dark. All rights reserved. Created by Dream-Theme — premium wordpress themes. Proudly powered by WordPress.