“I Wish I Had Known That About Joomla!” – Understanding Role-Based Access and ACLs

Intended Audience: Beginning Joomla! Administrators

Nouns and Definitions

  • User – An entity who will interact with your site.
    • Rule:  A user can belong to one or more User Groups.
    • Configured in Users > User Manager > Users.
    • Important attributes:
      • Name – The name that will appear on the site as the author of content.  Whether or not it shows is set in each piece of content.
      • Login Name – The name the user will use when entering their credentials to log in the site.
      • Email – Rule:  Cannot be associated with any other user on the site.
      • Assigned User Groups – select one or many.
  • User Group – Controls what a user can do on the site.  A User Group has specific Permissions.
    • Rules:
      • A User Group can be assigned to one or more Access Levels.
      • A User group is assigned to one or more Actions which represent their Permissions.
      • Could there be a scenario where you have Permissions, but not the Access Level to “see” what you have permissions to act on?
    • Set Permissions in User Manager > Options from top right button bar > Permissions tab.
    • Note: When adding a new group, be sure to edit the Access Levels.
  • Permissions – rights to perform certain actions on a site; either Allowed or Not Allowed
    • Configure Permissions in User Manager > Options from top right button bar > Permissions tab.
  • Actions on which Permissions are set:
    • Site Login – can login to frontend
    • Admin Login – can login to backend
    • Offline Access – can access to site when site is offline
    • Super Admin – access to do anything, regardless of other permissions
    • Access Administration Interface –  allows users access to backend, except global configuration
    • Create – can create content in any extension
    • Delete – can delete content in any extension
    • Edit – can edit content in any extension
    • Edit State – can edit state (Published|Unpublished) of content in any extension
  • Access Level – control which users can view which objects on your site, to include: menu items, modules, categories, and component items (articles, contacts, etc.).
    • Rules:
      • Each object on the site is assigned to one access level.
      • User groups are also assigned to each access level.
    • Important Attributes:
      • Level Title – what you enter here is what you see from the “Access” drop-down in objects like menu items, modules, etc.

Registering as a New User

The ability to register as a new user and set what their default role will be is controlled as a global setting under User Manager > Options from the top right button bar.

Access Levels

pastedGraphic.png

Example Implementation

Congregation Or Ami in Richmond, VA has two blogs using Zoo blog; one for our Rabbi and one for our President.  There is a landing page for each as follows:

  1. http://or-ami.com/about-us/our-rabbi/blog-rabbi
    1. This is a “Zoo Front Page” Menu Item Type with Access Level set to Public so everyone can see it.
  2. http://or-ami.com/about-us/leadership/our-president
    1. This is a “Zoo Front Page” Menu Item Type with Access Level set to Public so everyone can see it.

The Rabbi is the only one who can see the “Rabbi – Create Blog Entry” menu item displayed one level below her landing page.    She creates Articles and assigns them to the Rabbi category.

Leave a Reply

Your email address will not be published. Required fields are marked *