Support User?

Moderators: mandville, PhilD, General Support Moderators

Post Reply
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Mar 13, 2017 2:00 pm

Support User?

Post by foxthing » Mon Mar 13, 2017 2:12 pm


I'm new to this forum, and quite new to joomla 3.x. I've inherited a webshop from a former workmate, and I'm now trying to get my head around the ACL System.

I've got a Group called "support" inherited from "Administrator", which should be allowed to do user support, as in resetting passwords and such. Problem is, when I give it the create/edit permission on Users, they are as well allowed to create new users in the administrator group, or change their own Account to be an Administrator.

Is there any way to prevent this, lets say limit them to only be allowed to work on a certain group of Users?


User avatar
Joomla! Explorer
Joomla! Explorer
Posts: 469
Joined: Sat Apr 25, 2009 9:20 pm
Location: Minnesota (USA)

Re: Support User?

Post by rcarey » Sun Mar 19, 2017 6:00 am

I would create a new usergroup that inherits from just Public. (Some will prefer to inherit from Registered.) But don't inherit from Administrator - that has your group inheriting permissions to do almost anything in the backend. Create the new usergroup and grant it only the permissions you want it to have.

Go to Global Configuration, then Permissions. Grant this user permission to Administrator Login.

Then go to the User Manager and click its Options button. From there, assign the new user to Access Administration Interface and then to whatever actions you want to allow for them: Create, Delete, Edit, Edit State. If you give them just the rights to Edit and Edit State, they will be able to reset passwords and disable users, but not create them.

Finally, so that these User Managers can access the menu bar to select the User Manager, go to Access Levels -> Super and add your new usergroup to this access level. There are other other ways to give the user a link to the User Manager (a bookmark for one), but this is the most straight-forward way.

Your question probes a bit more into the advanced area. Out-of-the-box, if you allow a user to assign groups, that user can assign anyone to any available group except to Super. I realize that you want something more restrictive. I do have a solution...

You can override the template that displays the usergroup options. This is written in php. You could have the logic set up so that if the user does not have admin rights, the user will see only certain user groups - the other groups being suppressed. now this takes a little php skill, but it is do-able through an override. The file to override is administrator/components/com_users/views/user/tmpl/edit_group.php. Now all the groups are written by a single function, but there are at least three ways to limit the groups being displayed:
[a] for non-admins add a style sheet that suppresses (display:none) the checkboxes for groups you do not want shown. A savvy user might know how to get past this, but it should keep honest users honest.
before echo-ing the HTML, collect that HTML in a variable and parse it to remove (or read-only) the checkboxes you do not want showing.
[c] for non-admins, don't call the function that generates the checkboxes, but rather display a hard-coded subset of the checkboxes you want to display. This list willnot change or grow should you change or add groups, but that might not be a problem for you . Perchance you don't want those users to change any usergroups, then this is the option for you -- merely skip the line that displays the checkboxes so that the usergroup screen will be blank for non-admins.

I think this should help you to accomplish what you want.
Randy Carey, the iCue Project : developing an intelligent approach to improving the CMS user experience,
Careytech Studios custom development for tailored or value-added web solutions

Post Reply

Return to “Access Control List (ACL) in Joomla! 3.x”