The short answer is that jforum_roles define permissions to do things. These permissions are linked to groups.
Permissions can be defined as a global permission (e.g. admin permission) or be tied to a specific jForum "part" (e.g., a category or forum). The jforum_role_values table is used to tie the permission to a specific "part". If a permission, like the permission to view a forum (perm_forum), applies to a part, there will be a set of matching role_value entries where the role_value is the forum id. Similarly, if the permission applies to a category, the role_value will be the category id.
With older versions (prior to 2.1.8), there was a flag to determine is this permission allowed or not. This was dropped with 2.1.8.. I *THINK* the default is to use the "deny if not allowed (in roles/role_values)".. but there may be some permission specific variations.. (e.g., allow if not denied...). [originally posted on jforum.net by monroe]
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop