J3.x

Difference between revisions of "Access Control List Tutorial"

From Joomla! Documentation

(Moved some of 'Controlling What Users Can See' to 'Controlling What Users Can Do')
m (Global Configuration: added image)
 
Line 95: Line 95:
 
Category permissions are accessed in the Category Manager: Edit Category screen, in a tab at the top of the screen. This screen has five permissions, as shown below.
 
Category permissions are accessed in the Category Manager: Edit Category screen, in a tab at the top of the screen. This screen has five permissions, as shown below.
  
[[Image:j3x_acl_tutorial_category_permissions.png]]
+
[[Image:Screenshot_category_acl_j3_tutorial.png]]
  
 
In these screens, you work on the permissions for one User Group at a time. In the example above, we are editing the permissions for the Administrator group.
 
In these screens, you work on the permissions for one User Group at a time. In the example above, we are editing the permissions for the Administrator group.
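
Review bot: the replacement screenshot on the added line, Screenshot_category_acl_j3_tutorial.png, has to match two claims in the unchanged text around it: "This screen has five permissions, as shown below" and "we are editing the permissions for the Administrator group". Please confirm the new image shows the Administrator group selected with all five actions visible, since readers will set category permissions by comparing their screen to it. The file name also uses lowercase "j3" where the other screenshots added in this revision use "J3"; one convention would make the set easier to maintain.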
Line 148: Line 148:
 
As discussed earlier, the permissions for each action are inherited from the level above in the permission hierarchy and from a group's parent group. Let's see how this works. The top level for this is the entire site. This is set up in the Site->Global Configuration->Permissions, as shown below.
 
As discussed earlier, the permissions for each action are inherited from the level above in the permission hierarchy and from a group's parent group. Let's see how this works. The top level for this is the entire site. This is set up in the Site->Global Configuration->Permissions, as shown below.
  
[[Image:screenshot_acl_tutorial_20110111-08.png]]
+
[[Image:Screenshot_global_acl_J3_tutorial.jpg|1330px]]
  
 
The first thing to notice are the nine Actions: Site Login, Admin Login, Super Admin, Access Component, Create, Delete, Edit, Edit State. and Edit Own. These are the actions that a user can perform on an object in Joomla. The specific meaning of each action depends on the context. For the Global Configuration screen, they are defined as follows:
 
The first thing to notice are the nine Actions: Site Login, Admin Login, Super Admin, Access Component, Create, Delete, Edit, Edit State. and Edit Own. These are the actions that a user can perform on an object in Joomla. The specific meaning of each action depends on the context. For the Global Configuration screen, they are defined as follows:
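
Review bot: the added image line hard-codes a width, "|1330px", which none of the other screenshots in this revision do, so the Global Configuration permissions image will overflow narrower page layouts; drop the width or use a smaller one that links to the full-size file. While this paragraph is being touched, the unchanged sentence after it lists the nine actions as "Edit, Edit State. and Edit Own" with a stray period, and "The first thing to notice are" should read "is"; both are cheap to fix in the same edit.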
Line 172: Line 172:
 
Each Group for the site has its own slider which is opened by clicking on the group name. In this case (with the sample data installed), we have the standard 7 groups that we had in version 1.5 plus two additional groups called "Shop Suppliers" and "Customer Group". Notice that our groups are set up with the same permissions as they had in version 1.5. Keep in mind that we can change any of these permissions to make the security work the way we want. Let's go through this to see how it works.
 
Each Group for the site has its own slider which is opened by clicking on the group name. In this case (with the sample data installed), we have the standard 7 groups that we had in version 1.5 plus two additional groups called "Shop Suppliers" and "Customer Group". Notice that our groups are set up with the same permissions as they had in version 1.5. Keep in mind that we can change any of these permissions to make the security work the way we want. Let's go through this to see how it works.
  
* '''Public''' has everything set to "Not set", as shown below.{{-}}[[Image:screenshot_acl_tutorial_20110112-06.png]]
+
* '''Public''' has everything set to "Not set", as shown below.{{-}}[[Image:Screenshot_global_acl_public_J3_tutorial.png]]
 
**This can be a bit confusing. Basically, "Not Set" is the same as "Inherited". Because Public is our top-level group, and because Global Configuration is the top level of the component hierarchy, there is nothing to inherit from. So "Not Set" is used instead of "Inherit".
 
**This can be a bit confusing. Basically, "Not Set" is the same as "Inherited". Because Public is our top-level group, and because Global Configuration is the top level of the component hierarchy, there is nothing to inherit from. So "Not Set" is used instead of "Inherit".
 
**The default in this case is for no permissions. So, as you would expect, the Public group has no special  permissions. Also, it is important to note that, since nothing is set to Denied, all of these permissions may be overridden by child groups or by lower levels in the permission hierarchy.
 
**The default in this case is for no permissions. So, as you would expect, the Public group has no special  permissions. Also, it is important to note that, since nothing is set to Denied, all of these permissions may be overridden by child groups or by lower levels in the permission hierarchy.
  
* '''Manager''' is a "child" group of the Public group. It has Allowed permissions for everything except Access Component and Super Admin. So a member of this group can do everything in the front and back end of the site except change Global Permissions and Component Options.  
+
* '''Guest''' is a 'child' group of the Public group has everything set to 'Inherited' {{-}}[[Image:Screenshot_global_acl_guest_J3_tutorial.png]]
 +
** This is the default 'Guest User Group' in the User Manager options and the Group that (non logged in) visitors to your site are placed in.
  
* '''Administrator'''  group members inherit all of the Manager permissions and also have Allowed for Access Component. So members of this group by default can access the Options screens for each component.
+
* '''Manager'''  is a "child" group of the Public group. It has Allowed permissions for everything except Access Component and Super Admin. So a member of this group can do everything in the front and back end of the site except change Global Permissions and Component Options. {{-}}[[Image:Screenshot_global_acl_manager_J3_tutorial.png]]
  
* '''Registered''' is the same a Public except for the Allow permission for the Site Login action. This means that members of the Registered group can login to the site. Since default permissions are inherited, this means that, unless a child group overrides this permission, all child groups of the Registered group will be able to login as well.
+
* '''Administrator''' group members inherit all of the Manager permissions and also have Allowed for Access Component. So members of this group by default can access the Options screens for each component. {{-}}[[Image:Screenshot_global_acl_administrator_J3_tutorial.png]]
  
* '''Author''' is a child of the Registered group and inherits its permissions and also adds Create and Edit Own. Since Author, Editor, and Publisher have no back-end permissions, we will discuss them below, when we discuss front-end permissions.
+
* '''Registered''' is the same a Public except for the Allow permission for the Site Login action. This means that members of the Registered group can login to the site. Since default permissions are inherited, this means that, unless a child group overrides this permission, all child groups of the Registered group will be able to login as well. {{-}}[[Image:Screenshot_global_acl_registered_J3_tutorial.png]]
  
* '''Editor''' is a child of the Authors group and adds the Edit permission.
+
* '''Author''' is a child of the Registered group and inherits its permissions and also adds Create and Edit Own. Since Author, Editor, and Publisher have no back-end permissions, we will discuss them below, when we discuss front-end permissions.{{-}}[[Image:Screenshot_global_acl_author_J3_tutorial.png]]
  
* '''Publisher''' is a child of Editor and adds the Edit State permission.
+
* '''Editor''' is a child of the Authors group and adds the Edit permission. {{-}}[[Image:Screenshot_global_acl_editor_J3_tutorial.png]]
 +
 
 +
* '''Publisher''' is a child of Editor and adds the Edit State permission.{{-}}[[Image:Screenshot_global_acl_publisher_J3_tutorial.png]]
  
 
* '''Shop Suppliers''' is an example group that is installed if you install the sample data. It is a child group of Author.
 
* '''Shop Suppliers''' is an example group that is installed if you install the sample data. It is a child group of Author.
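
Review bot: the new Guest bullet leaves the unchanged intro sentence stale, since it still describes "the standard 7 groups that we had in version 1.5 plus two additional groups" and never mentions Guest; update that sentence in the same edit so the list and its description agree. The Guest line itself, "is a 'child' group of the Public group has everything set to 'Inherited'", needs "and" before "has", a closing period, and the double quotes the other bullets use. Because the sub-bullet says this is the group that non-logged-in visitors are placed in, it would help to say explicitly, as the Public bullet does, that inheriting from Public means no permissions are granted at this level. The moved lines also carry over "the same a Public" (should be "the same as Public") and "a child of the Authors group" (the group is Author), and the two added blank lines between the Editor and Publisher bullets split the list.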

Latest revision as of 10:38, 13 February 2014