Access Control List Tutorial
From Joomla! Documentation
ACL for publishing workflow
There are several different kinds of users in Joomla and each has a set of permissions granted to them:
Guests - Anonymous users of the website, no special rights.
Registered Users - Normal visitors who register.
Authors- Can submit content for approval in the front end only. Can edit their own content once published. A publisher or higher must approve new content before it goes live.
Editors - Can submit or edit all existing content, front end only. A publisher or higher must approve new pages before they go live, updates to existing content go live immediately.
Publishers - Can publish plus do any of the above, front end only.
Managers, Admins and Super Admins - All of the above plus can log into the back end w/increasing rights.
After installation, Joomla starts out with one super administrator. To add or edit new users manually, you must be at least a manager. To create admins, you must be a Super Admin.
TIP. For a small organization with one web master, much of this may be unnecessary. But even if you choose not to use a publishing workflow, having a publisher or manager user is a nice way to simplify the options for less experienced users.
|Submit for approval||Edit own content||Edit any content||Approve new content||Use the back-end|
|Super Administrator||☑||☑||☑||☑||All privileges|
ACL for displaying content
Aside from front end and back end permissions, you may also use ACL to display certain content to certain visitors. Currently there are only three choices for using ACL this way. They are Public, Registered, and Special (which stands for Authors and above). You can assign the access level to any menu item, article or module in the back end. The default is Public, but by choosing Registered or Special, the item will only appear to that user group and above.
TIP Special ACL is used for the User Menu items in the default sample content. This allows for links such as "submit article" to be only visible for author users and above.
TIP You can use Registered ACL as an simple way to create member’s-only content.
TIP You can safely experiment on a live site by using access levels. Simply assign something (such as a new menu item and page) to the Special access level and publish it. Then only users who are author and above will ever see it. (Don’t forget to log in to the front end and changing the item back to Public so that it is visible to everyone.)
After installation, Joomla starts out with one Super Administrator. To add or edit users, you must be at least a manager. To create admins, you must be a Super Admin. For a small organization with one web master, much of this may be unnecessary. But even if you don’t use a publishing workflow, having a publisher or manager user is a nice way to simplify the options for less experienced users.
Registering and ACL
If someone registers at your site, a new user is created automatically. Normally these new users will become Registered Users, however you may choose your preferred access level in Joomla's global configuration.
Custom User Groups
See Custom user groups for information about creating custom user groups for version 1.5.