In order to keep the wiki running efficiently, some users have additional abilities (permissions) beyond those of basic users. These abilities are used for the maintenance of the site, but because of the potentially dangerous nature of these abilities, they are only given to trusted users.
The page here shows a table listing the rights of all types of users. I'll briefly cover the abilities of each type here, as well as how people get these abilities.
Unregistered / New Accounts
editUnregistered users have the lowest access levels. Because this is a wiki, they can still edit the site, but they are only able to edit pages which have not been protected or semi-protected. They cannot move pages (rename them) and they cannot create new pages that are not in their own userspace or in the Talk: namespace. New accounts are able to create pages, however are unable to move pages, or edit semi protected pages, as they have not been "autoconfirmed". For security reasons, an account must be at least four days old, and have 10 edits to make use of the privileges granted to registered users.
Autoconfirmed
editRegistered users have normal access levels to the site. They can edit any page that is not fully protected, they can move and create pages, and upload files. Again, users must hold an account for four days, and have made at least 10 edits, in order to use these features.
Confirmed
editIn some situations, it is necessary for accounts to be exempted from the customary confirmation period. The 'confirmed' group contains the same rights as the 'autoconfirmed' pseudo-group, but can be granted by administrators as necessary. There is no point in giving this right to a user whose account is already autoconfirmed, because it provides exactly the same abilities. To request this permission see Wikipedia:Requests for permissions/Confirmed.
Rollbackers
editAdmins and other users who have been granted the "rollbacker" permission are given the ability to revert multiple edits by a single editor at once. This tool is accessible within a user's contributions, page histories, and diff screens, and adds an extra [rollback] link to the page. When this link is clicked, the page will be reverted back to the last revision made by a user other than the one being rolled back. Since January 9, 2008, this tool can be granted by administrators to non-administrators. Use of this tool is, as with other permissions, "no big deal," as this permission can be duplicated with tools such as WP:TW which can be freely used. Despite this, the tool should only be used against vandalism, as specified in the rollback policy (still in proposed status as of this revision), and should not be used in content disputes or to violate WP:3RR.
Reviewers
editMembers of this group can review other users' edits to articles placed under pending changes protection. When pending changes was first implemented, the right was automatically assigned to administrators.
See Special:ListUsers/reviewer for a list of users in this group.
Account Creators
editThose who actively volunteer at Wikipedia account creation have their accounts "flagged" with the account creator permission. This enables them to create more than 6 accounts every 24 hour period which is currently restricted for those who don't possess the sysop (see below) or account creator privileges. This 6 account a day quota was implemented to prevent the problematic use of multiple account creations. Additionally, account creators can override the anti-spoof check enabling them to create accounts that are similar to existing usernames another task that the average user is unable to perform. This tool can be granted by administrators to non-administrators at WP:PERM.
IP Block Exempt
editOccasionally users who are in good standing will be affected by a block that was applied to another user. This is called an autoblock, and is automatically placed by the software to the IP address a blocked user last edited from, and any additional IP addresses they use while blocked. These are intended to prevent the blocked user from evading their blocks, but can affect others on a shared IP. If this happens to a user on a regular basis, or they are caught in a hard rangeblock, or for some exceptional reason need to edit from a blocked proxy, they can be granted the IP Block Exempt right if they meet certain conditions outlined at WP:IPBE. This permission is usually requested through an unblock request, and is removed as soon as it no longer becomes necessary. Users with the right may be "checkusered" (see below) occasionally to ensure it is not being abused.
Autopatrolled
editThis is designed for those who actively create new articles, and is designed to reduce the workload of new page patrollers. With this user right active, articles created by a user are not listed at Special:NewPages and the articles are automatically marked as patrolled. It means that the user can be trusted not to submit inappropriate material, deliberately or otherwise, and that the user submits new material often enough that it is more efficient to mark it all as approved preemptively.
Template editor
editMembers of this group are allowed to edit pages protected with template protection as well as create and edit editnotices. Template protection is only applied to pages in the template and module namespaces. It is intended to allow experienced template and module coders to make changes without having to request that an administrator make the edits for them.
See Special:ListUsers/templateeditor for a list of users in this group.
Administrators / Sysops
editAdministrators have much greater access compared to the average user. When approved to use the sysop tools, they have the ability to delete and restore (undelete) pages. In order to combat vandalism, they have access to a wider range of access tools - Automatic access to the "rollbacker" permission described above; The ability to grant "rollbacker, account creator, IP block exemption" permissions to other users; A special page called "unwatchedpages", which shows a list of pages not on anyone's watchlist; the ability to protect and unprotect pages, locking a certain revision in place until someone with the authority to do so edits it (sysops can edit any protected page); the ability to view deleted contributions; and the ability to block a user for a defined or indefinite amount of time. They are also able to make changes to the MediaWiki interface, changing what users see when they edit a page or view special pages. Users obtain a sysop flag by entering and passing the Requests for Adminship process, where registered users decide by consensus if a user can be trusted with the tools. Generally, a minimum of 70% support is required to pass, however the exact amount varies for each request.
Alternate names for administrators: sysops (system operator), mop wielders, glorified janitors
Bureaucrat
editBureaucrats
Bureaucrats have control over the "nuts and bolts" of permissions, hence the crossed wrenches in their logo. They retain the ability to alter a user's permissions, but only when promoting users to admin or bureaucrat status. They are not able to demote users or grant further access levels. They can also alter a bot's access levels and rename accounts. Bureaucrats are selected through a process similar to that of admins, Requests for bureaucratship, although the process is much more rare and requires a significantly higher consensus.
Stewards
editStewards have full access to a user's permissions. They have the ability to grant and revoke any higher access level, including sysop, bureaucrat, checkuser, oversight, steward, and bot access, on any project in any language. Stewards are elected by the Wikimedia Board of Trustees (with one exception, Chair Emeritus and Steward Jimbo Wales, who was simply appointed) annually or as needed. Stewards will generally carry further access levels on their main project, but the access level of "steward" only grants them the ability to mess around with permissions.
Checkuser
editThe checkuser tool allows a user to check if an account is a sockpuppet of another, by being able to access which IP address an account has accessed the project from and when. The tool is only to be used when there is a specific need for it - a controversial and disruptive case of sockpuppet abuse. Requests for checkuser is where people may request use of the tool, however the ability to use it is generally granted by invitation only, or in rare cases by the Arbitration Committee. This is a special permission only granted to specific users and is not included with other access levels.
Oversight
editThe oversight tool allows a user to hide a certain revision from public view - essentially deleting that one specific revision from the page history. This is done for very rare cases, generally pertaining to legal reasons such as private personal information, libelous content, or copyrighted information. This tool is only granted to users with a particular need for the tool, generally current or former members of the Arbitration Committee, as use of the tool requires a very good legal reasoning, as it is essentially an "oversight" of the requirements of the GFDL. This is a special permission only granted to specific users and is not included with other access levels.
These permissions are all critical to the operation of the Wiki, however it should be kept in mind that not having (or having) one of these access levels really is no big deal. The important thing about a wiki is that you are able to edit it as needed, not that you can limit the ability of others to do so. If a higher access level is granted to you, however, you should always remember that it was granted in the spirit of trust, and that you are expected to use the tools only as needed and always fairly.
See this list for info on some other less common user rights.
Founder
editThe 'founder' group was created on the English Wikipedia by developer Tim Starling, without community input, as a unique group for Jimmy Wales. The group gives Wales full access to user rights. As 'local founder actions' are usually of great interest to the local community, and are only relevant to the English Wikipedia, the local 'founder' right also has the benefit of allowing Wales' actions to be visible in the English Wikipedia rights log; actions performed with the global founder bit are not visible in that record, but only on the log at Metawiki.