OAuth and bot passwords (and maybe other things, now that grants are in core) rely on $wgGrantPermissions to expose access to privileged functionality, but most extensions don't support it. Any extensions that defines a user right which can in some way influence use of the API should also create a grant for that right, or add it to some existing grant.
|Open||None||T142308 Most extensions which add a user right should also add or extend a grant|
|Resolved||• MarcoAurelio||T142306 Adding globalblock-exempt to Grants in GlobalBlocking extension for OAuth use|
|Resolved||demon||T134027 Improper default settings for grants|
|Resolved||aude||T124269 Add wikibase rights to $wgGrantPermissions|
|Resolved||MusikAnimal||T126756 Bots cannot access abusefilter API endpoint under new authentication system|
|Resolved||MusikAnimal||T145349 Add massmessage permission to highvolume grant|
|Resolved||Anomie||T150231 FlaggedRevs permissions should be available in grants|
|Open||Urbanecm||T205781 Add oathauth-enable to basics grant|
|Resolved||JJMC89||T201904 Add "pagequality" right to User rights when logged in via OAuth|
|Resolved||JJMC89||T207915 Add createpagemainns right to a grant|
|Resolved||Daimona||T161816 Cannot grant a user ability to view log entries of private filters|
User groups are assigned to users. Grants are assigned to tools. When a tool acts through a user account, it will only have those rights which are available both through the user's groups and the tool's grants.