RESOURCE: User Group Access levels explained in simple terms!

Forum rules
Please submit all new Tips and Tricks to: http://docs.joomla.org/Category:Tips_and_tricks
User avatar
kaizen
Joomla! Explorer
Joomla! Explorer
Posts: 294
Joined: Fri Aug 26, 2005 5:05 am
Location: Pennsylvania, USA
Contact:

RESOURCE: User Group Access levels explained in simple terms!

Postby kaizen » Thu Dec 22, 2005 6:17 pm

Forward:
I've never been able to locate a "Plain Talk" version of how Joomla's access groups work, so I thought I'd attempt to create one myself.  I created this in the process of doing training documentation for a client.  I hope this helps out those of you who have had a hard time finding resources to explain the concept, and I'd appreciate comments and corrections.  Note: I am NOT a core dev, just a developer who wants to give something back to the community. 

Audience
This document is targeted at new users who have successfully completed a Joomla install and have accessed the Admin Backend, and upon creating their first, users wondered what the heck those Group levels mean!  :-[

====================================================

Joomla controls access to certain areas and features of a site through use of a basic ACL, or Access Control Level mechanism called Groups.  Certain groups have certain access level features and they are directly related to the creation, editing and publishing of content (through the Frontend and Backend interfaces) as well as to access to the Administrative (Backend) interface.

Each group has different levels of access control and once a user is made a member of that group, they inherit those rights. Note that the 'Public Front-end' and 'Public Back-end' groups are merely placeholders at this point in time. They are not valid group selections at this time, but in the future, they will define the default access levels for anonymous users in the Front-end and Back-end systems.  The Joomla ACL is currently undergoing further development to allow greater control over aspects and access to the site.  Future ACL enhancements are outlined in the “Joomla Roadmap”, (among other future plans) and is available at http://www.joomla.org/content/view/14/28/.

There are four (4) Front-end groups available:

Registered - This group allows the user to login to the Frontend interface.  Registered users can't contribute content, but this may allow them access to other areas, like a forum or download section if your site has one.

Author - This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content.  When content is submitted by an Author level user, they receive the message, “Thanks for your submission. Your submission will now be reviewed before being posted to the site.”  They can edit only their own articles but only when that article has been published and is visible.

Editor - This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published.  If your site uses the default installation’s menu option “News”, which is a Table List – Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list.  Still, Editor users cannot, publish or change the publishing status of any articles, even their own.

Publisher - This group allows a user to post, edit and publish any (not just their own) content item from the Front-end.  Publishers can review all articles, edit and change publishing options but the can also determine when an article is ready for publication, making it visible to Registered, Author and the Unregistered Public (depending on what visibility was chosen in the article, of course!)


There are three (3) Administration section groups that allow access to Joomla:

Manager - This group allows access to content creation and other system information from the Backend. Think of Manager users as Publishers, with Backend access.  They can log in through the Administrator interface, but their rights and access are generally restricted to content management.  They can create or edit any content, access to some Backend only features like adding, deleting and editing Sections and Categories, editing the Front Page and Menus, but they don’t have any access to the “Mechanics” of Joomla, like user management or the ability to install components or modules.  Note that if a Manager logs in through the Frontend interface, they’re treated just like a Publisher, with the same rights and access.

Administrator - This group allows access to most administration functions.  An Administrator user has all the privileges on the back end of a Manager, but they also have access to set options on, and install/delete components, modules and bots, User Manager access and can view the site statistics.  What they cannot do however is change, edit or install Site Templates or make any changes to the sites Global configuration options.  On login through the Frontend, they are treated as Publishers, just like the Manger users.  Interesting to note; when an Administrator accesses the User Manager list, they will see all users at their access level or below; in other words they can modify any user EXCEPT a Super Administrator – in fact, they will not even see Super Administrator accounts in the list!  Also, they cannot create additional Super Administrator level accounts, only a Super Admin can do that.

Super Administrator - This group allows access to all administration functions.  Only another Super Administrator can create or edit a Super Administrator user account. Full access to ALL AREAS is given to Super Administrators, and once created they cannot be deleted – EVEN BY ANOTHER SUPER ADMIN!   (Users with access directly to the MySQL database may be able to manually delete these users, but it is not for the timid and can result in a full lockout!)

Because of this, give a bit of thought to who you need to grant this highest level of access to.  Super Admins, while they cannot delete another SA can block the user from logging in or change the password on another SA account.  Like the other Backend user accounts, SA’s are treated as Publishers when they login through the Frontend interface.


Summation:
As mentioned previously, the Joomla ACL is currently in further development as of the writing of this document and will provide new features and greater control.  However these enhancements won’t be seen until Joomla 1.2, currently expected sometime in Q3 2006, so the previous overview will be what most users and administrators will see for the foreseeable future.

Components have recently been made available to extend the Joomla ACL, including JACLPlus by BYOSTECH (http://www.byostech.com) which seems to be the most complete and popular, but due diligence should be exercised with ANY ACL extension – not only in how it affects currently available add ons for Joomla, but also how it may affect any new core versions that will be released in the future.  This is not an endorsement of any specific project or an indictment; merely a bit of advice to use common sense.  There are other posts in the forum that deal with ACL extensions, and it would be a good idea to read them and ask questions before embarking on any changes.

Hope this helps new users to understand the ACL schema in Joomla.  If it did, please refer others to it - if not, please help out, make suggestions, GET INVOLVED!  Also, if you speak another language besides English please consider posting a version of this in your native tongue to help others out as well.
You do not have the required permissions to view the files attached to this post.
Last edited by Tonie on Fri Sep 28, 2007 7:05 pm, edited 1 time in total.
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™

j0s3
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Sep 24, 2007 9:16 pm

Re: RESOURCE: User Group Access levels explained in simple terms!

Postby j0s3 » Fri Nov 02, 2007 3:45 pm

hi there,

thanks for posting this - it's just what I was looking for, but I have a question that you may be able to help me with?

You wrote in your post:

"Administrator  - This group allows access to most administration functions.  ... User Manager access and can view the site statistics."

If I create a user with back-end administrator rights and log on via the front end, how do I access the user manager?

Many thanks
hoz

User avatar
kaizen
Joomla! Explorer
Joomla! Explorer
Posts: 294
Joined: Fri Aug 26, 2005 5:05 am
Location: Pennsylvania, USA
Contact:

Re: RESOURCE: User Group Access levels explained in simple terms!

Postby kaizen » Fri Nov 02, 2007 3:56 pm

j0s3 wrote:hi there,

thanks for posting this - it's just what I was looking for, but I have a question that you may be able to help me with?

You wrote in your post:

"Administrator  - This group allows access to most administration functions.  ... User Manager access and can view the site statistics."

If I create a user with back-end administrator rights and log on via the front end, how do I access the user manager?

Many thanks
hoz


Hi, I'm just so glad this of use to so many people!

To answer your question, you could put a URL type menu link that points to "http://YOURSITENAME.COM/adminsitrator" in the USER MENU and then set the permissions to "Special".  This way, non registered users will see nothing (since the user menu shows up only to logged in users) and only those in the admin group will see the menu item itself.

As with everything in Joomla, there is more than one way to accomplish this, so if anyone else has an alternative idea please share it with the group!

Cheers!
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™

j0s3
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Sep 24, 2007 9:16 pm

Re: RESOURCE: User Group Access levels explained in simple terms!

Postby j0s3 » Fri Nov 02, 2007 4:27 pm

that sounds awesome :)

i'll be trying that out soon!

many thanks again
hoz

rattlesnakejohnny
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Wed Sep 19, 2007 4:06 pm

Re: RESOURCE: User Group Access levels explained in simple terms!

Postby rattlesnakejohnny » Thu Nov 08, 2007 9:04 pm

This is very helpful, however I am having a hard time implementing this:

User Manager - I see Author, Publisher, Editor

I do not see anywhere in the user info or under Sections to specify which users can Author or Edit which areas of content.

(ie. A sports page, I want a Basketball coach to edit, author content in their section, and the football coach the same, etc.. )

Josh Anderson
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Feb 22, 2008 12:15 am
Location: Dawson Creek, BC

Re: RESOURCE: User Group Access levels explained in simple terms

Postby Josh Anderson » Tue Feb 26, 2008 7:13 pm

It was a great help to me to read this plain language article about the user levels, but I have one more question on a related topic.

How do I make certain modules and/or menu items disappear upon logging in? I have a "New Users Register Now" Module and Menu link that I would love to have disappear once a user logs in since they would be redundant and slightly confusing to new users.

If you could help me with this, that'd be great!

TIA.


Return to “Tips & Tricks - Moving”

Who is online

Users browsing this forum: No registered users and 1 guest