....well it used to be to me, at least.
I found the terminology in ACLs to be the reverse to what they read like, to me. So, I thought this may help someone:
On the site I created at http://www.readournovels.com
I created user levels thus:
1) Public. This one sees just what is there for anyone to see but nothing higher.
2) Registered. Someone who created an account. They get access to Forums and to see a menu to use to apply to be an Author on the site.
3) Authors. They get to post their novels online but the menu they got to see as only a Registered user disappears and 2 others are in its place.
4) Genre Editors. There are several genres in writing and there may be one person with an intense interest in one area. So, when I grow to trust them and if they wish to be, I apply "Genre Editor" to them under their Genre. They get to see all an author sees and can edit, unpublish, submit articles.
5) Site Admin. For a time I hope will come in the future when I am so busy on the site I need help of ultra trustworthy people I would pay to help keep the site running smoothly. they get to do all Genre Editors do and limited backend access as well. They also get to move submissions to more appropriate genres if called for.
6) Super User. Me.
OK I didnt make all those names up but some of them. ;-} First off, Authors - in order to get one menu to appear when Registered so that they could apply to be an Author, I simply limited seeing that menu to Registered users. Not registered, dont see it (though I am actually thinking of changing that right now so it may change if you view the site). However, as an author, there are two more menus they get to see, one detailing HOW to submit their writings because the online editors JCE etc are actually hard to use for a lot of people, surprisingly. The other is a basic article submission link that I dont want lower levels to see, either. In order to have Authors see those two menus and not the one Registered see, I made up a Viewing Access Levels called "Authorview" and applied it to Authors and above only then went to those 2 menus and limited access to it to Authroview". When promoting a Registered (or other) user, you will not see the user level CALLED "Authorview" because I didnt make that user level name up on purpose. So, by applying that Viewing Access Levels that way, only Authors and above can see the menus I want them to see and because the menu Registered people can see is only for that level and Super User (he who sees ALL ;-}) then only those two access levels see THAT menu. This means that when a Registered user is given the Author access level and they dont see the one limited ONLY to Registered, they dont keep applying for Author access over and over because that is what that menu is for and to be honest, some people WOULD do that. You know it! Also, Authors can Edit Own via Permissions.
Now on to Genre Editors. How do I allow a user access less than Super User to edit ONLY articles under one genre while not allowing them to edit articles under any other, right? Like this - Let us choose the genre called Science Fiction simply because that is my favourite. I made up a user level called "Sci-Fi" with a parent of Site Admin (Site Admin level has a parent of Public). Next, I went to the sub category called Science Fiction, the top level being Genres to Read and I clicked on Set Permissions. Under that, I looked for the user leve Sci-Fi and changed permissions for Create, Edit, Edit State, Edit Own to Allowed. Now, when the user with the permission to alter any article or add or unpublish etc from the front end only logs on and goes to some other genre or part of the site, they do not see any permissions above what an Author level sees but when they go to the Science Fiction sub category, they see the usual Edit and Submit icons which is what I want them to have. Thus, if they see something wrong with a Crime & Mystery genre article, they cant do anything about it other than to report it to Admin - me - but if it is something bad with anything under Science Fiction, they can take care of it then and there. Also, while under the User Manager I clicked Options and then Permissions and set this one to Configure "Allowed" Access Administration Interface "Denied" Create "Inherited" Delete "Denied" and Edit and Edit State "Inherited".
Now Site Admin. This has a parent of Public when I made this name up. Simply, I want them to have limited back end access so I changed all under Permissions (as mentioned above) to Allowed. Really, all I wanted this one not to get to is Global Configuration and as it isnt a Super User but has backend access, after giving it backend access, it has all that in place. This level can do almost everything a Super User can do but for what I envision that will be necessary when the site becomes busy in a few years.
I hope the above makes sense to anyone with any ACL problems. I must admit I thought about all this in the reverse to what it was. I thought a Site Admin would be a higher access level than even a Genre Editor so it should be a child of Genre Editor but the reverse was true to that.
If anyone needs anything more, ask. I will even help out by going to your site backend and putting it in place, if possible, if you want. Just contact me. Once in place you can examine it and better understand it, I think. I see a visual representation rather than a whole lot of words as easier to understand things and some of you may be the same. Probably why I dont RTFM a lot! ;-}