Today I decided to create a community. It's not actually my own, it will be for the Romanian community, but I thought it is a good opportunity to test the creation of a new community and playing with roles, something I couldn't do from the outside.
The process of creation of a new community is very simple and I didn't find anything worth mentioning other than you really must backup the password (and later break it down into private keys to also store), and that you need 3 STEEM to do it. Without the password (or the private keys), you lose access to the community owner account. Just like on Steem with the regular accounts.
I'll keep my remarks short and to the point.
First Impact After Creating the Community
First of all, I liked that my account was added as admin by default. It is also great that after that the community page became active by default.
Next, I don't like so much how things went. I went to the "Explore Communities" page to see if the newly created community was listed. I didn't see it. Maybe there is a minimum activity or time elapsed needed to get on that page.
Then I logged out and logged in with my community owner account to add another admin. But then, I asked myself: how do I go to my community? I didn't see any way for the "regular guy" to go there. The easiest way I could think of, was to copy the username of the owner account, go to any community then replace their "hive-xxxxxx" part in the link with my owner account. Doesn't seem like something one would like to do. Maybe there's a better option, I didn't see it. The owner, admins, mods and why not regular members should have very easy ways to reach their communities.
I see two options here: either subscribe users with a role by default to a community where they have a role, or list separately the communities where a users has a role, like in the image below, perhaps filterable by role:
Bug: Logout / login maintains permissions until page is refreshed
Let's say you are logged in with an admin or mod account, then log out. If you (someone) log in with an account with less permissions, it will keep the permissions of the admin or mod account until you refresh the page. This image illustrates it:
I was able to pin the post with the account without any permissions. I could have muted the post. The issue is only big on shared computers I believe, where more people use Steem.
And the vice versa is also true (logging in with an account with more permissions after one with less), but that doesn't pose any security risk, only an inconvenience, at most.