I've never been able to locate a "Plain Talk" version of how Joomla's access groups work, so I thought I'd attempt to create one myself. I created this in the process of doing training documentation for a client. I hope this helps out those of you who have had a hard time finding resources to explain the concept, and I'd appreciate comments and corrections. Note: I am NOT a core dev, just a developer who wants to give something back to the community.
This document is targeted at new users who have successfully completed a Joomla install and have accessed the Admin Backend, and upon creating their first, users wondered what the heck those Group levels mean!
Joomla controls access to certain areas and features of a site through use of a basic ACL, or Access Control Level mechanism called Groups. Certain groups have certain access level features and they are directly related to the creation, editing and publishing of content (through the Frontend and Backend interfaces) as well as to access to the Administrative (Backend) interface.
Each group has different levels of access control and once a user is made a member of that group, they inherit those rights. Note that the 'Public Front-end' and 'Public Back-end' groups are merely placeholders at this point in time. They are not valid group selections at this time, but in the future, they will define the default access levels for anonymous users in the Front-end and Back-end systems. The Joomla ACL is currently undergoing further development to allow greater control over aspects and access to the site. Future ACL enhancements are outlined in the “Joomla Roadmap”, (among other future plans) and is available at http://www.joomla.org/content/view/14/28/.
There are four (4) Front-end groups available:
Registered - This group allows the user to login to the Frontend interface. Registered users can't contribute content, but this may allow them access to other areas, like a forum or download section if your site has one.
Author - This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content. When content is submitted by an Author level user, they receive the message, “Thanks for your submission. Your submission will now be reviewed before being posted to the site.” They can edit only their own articles but only when that article has been published and is visible.
Editor - This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published. If your site uses the default installation’s menu option “News”, which is a Table List – Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list. Still, Editor users cannot, publish or change the publishing status of any articles, even their own.
Publisher - This group allows a user to post, edit and publish any (not just their own) content item from the Front-end. Publishers can review all articles, edit and change publishing options but the can also determine when an article is ready for publication, making it visible to Registered, Author and the Unregistered Public (depending on what visibility was chosen in the article, of course!)
There are three (3) Administration section groups that allow access to Joomla:
Manager - This group allows access to content creation and other system information from the Backend. Think of Manager users as Publishers, with Backend access. They can log in through the Administrator interface, but their rights and access are generally restricted to content management. They can create or edit any content, access to some Backend only features like adding, deleting and editing Sections and Categories, editing the Front Page and Menus, but they don’t have any access to the “Mechanics” of Joomla, like user management or the ability to install components or modules. Note that if a Manager logs in through the Frontend interface, they’re treated just like a Publisher, with the same rights and access.
Administrator - This group allows access to most administration functions. An Administrator user has all the privileges on the back end of a Manager, but they also have access to set options on, and install/delete components, modules and bots, User Manager access and can view the site statistics. What they cannot do however is change, edit or install Site Templates or make any changes to the sites Global configuration options. On login through the Frontend, they are treated as Publishers, just like the Manger users. Interesting to note; when an Administrator accesses the User Manager list, they will see all users at their access level or below; in other words they can modify any user EXCEPT a Super Administrator – in fact, they will not even see Super Administrator accounts in the list! Also, they cannot create additional Super Administrator level accounts, only a Super Admin can do that.
Super Administrator - This group allows access to all administration functions. Only another Super Administrator can create or edit a Super Administrator user account. Full access to ALL AREAS is given to Super Administrators, and once created they cannot be deleted – EVEN BY ANOTHER SUPER ADMIN! (Users with access directly to the MySQL database may be able to manually delete these users, but it is not for the timid and can result in a full lockout!)
Because of this, give a bit of thought to who you need to grant this highest level of access to. Super Admins, while they cannot delete another SA can block the user from logging in or change the password on another SA account. Like the other Backend user accounts, SA’s are treated as Publishers when they login through the Frontend interface.
As mentioned previously, the Joomla ACL is currently in further development as of the writing of this document and will provide new features and greater control. However these enhancements won’t be seen until Joomla 1.2, currently expected sometime in Q3 2006, so the previous overview will be what most users and administrators will see for the foreseeable future.
Components have recently been made available to extend the Joomla ACL, including JACLPlus by BYOSTECH (http://www.byostech.com) which seems to be the most complete and popular, but due diligence should be exercised with ANY ACL extension – not only in how it affects currently available add ons for Joomla, but also how it may affect any new core versions that will be released in the future. This is not an endorsement of any specific project or an indictment; merely a bit of advice to use common sense. There are other posts in the forum that deal with ACL extensions, and it would be a good idea to read them and ask questions before embarking on any changes.