User Group Access levels explained in simple terms
From Joomla! Documentation
Revision as of 04:16, 23 February 2011 by Lord alan
I've never been able to locate a "Plain Talk" version of how Joomla's access groups work, so I thought I'd attempt to create one myself. I created this in the process of doing training documentation for a client. I hope this helps out those of you who have had a hard time finding resources to explain the concept, and I'd appreciate comments and corrections. Note: I am NOT a core dev, just a developer who wants to give something back to the community.
This document is targeted at new users who have successfully completed a Joomla install and have accessed the Admin Backend, and upon creating their first, users wondered what the heck those Group levels mean!
Joomla controls access to certain areas and features of a site through use of a basic ACL, or Access Control Level mechanism called Groups. Certain groups have certain access level features and they are directly related to the creation, editing and publishing of content (through the Frontend and Backend interfaces) as well as to access to the Administrative (Backend) interface.
Each group has different levels of access control and once a user is made a member of that group, they inherit those rights. Note that the 'Public Front-end' and 'Public Back-end' groups are merely placeholders at this point in time. They are not valid group selections at this time, but in the future, they will define the default access levels for anonymous users in the Front-end and Back-end systems.
The Joomla ACL has been completely reworked in Joomla 1.6 (released in Jan 2011) further information on the new ACL mechanis can be read here  and in many other places on-line.
There are four (4) Front-end groups available:
Registered - This group allows the user to login to the Frontend interface. Registered users can't contribute content, but this may allow them access to other areas, like a forum or download section if your site has one.
Author - This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content. When content is submitted by an Author level user, they receive the message, “Thanks for your submission. Your submission will now be reviewed before being posted to the site.” They can edit only their own articles but only when that article has been published and is visible.
Editor - This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published. If your site uses the default installation’s menu option “News”, which is a Table List – Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list. Still, Editor users cannot, publish or change the publishing status of any articles, even their own.
Publisher - This group allows a user to post, edit and publish any (not just their own) content item from the Front-end. Publishers can review all articles, edit and change publishing options but the can also determine when an article is ready for publication, making it visible to Registered, Author and the Unregistered Public (depending on what visibility was chosen in the article, of course!)
There are three (3) Administration section groups that allow access to Joomla:
Manager - This group allows access to content creation and other system information from the Backend. Think of Manager users as Publishers, with Backend access. They can log in through the Administrator interface, but their rights and access are generally restricted to content management. They can create or edit any content, access to some Backend only features like adding, deleting and editing Sections and Categories, editing the Front Page and Menus, but they don’t have any access to the “Mechanics” of Joomla, like user management or the ability to install components or modules. Note that if a Manager logs in through the Frontend interface, they’re treated just like a Publisher, with the same rights and access.
Administrator - This group allows access to most administration functions. An Administrator user has all the privileges on the back end of a Manager, but they also have access to set options on, and install/delete components, modules and bots, User Manager access and can view the site statistics. What they cannot do however is change, edit or install Site Templates or make any changes to the sites Global configuration options. On login through the Frontend, they are treated as Publishers, just like the Manger users. Interesting to note; when an Administrator accesses the User Manager list, they will see all users at their access level or below; in other words they can modify any user EXCEPT a Super Administrator – in fact, they will not even see Super Administrator accounts in the list! Also, they cannot create additional Super Administrator level accounts, only a Super Admin can do that.
Super Administrator - This group allows access to all administration functions. Only another Super Administrator can create or edit a Super Administrator user account. Full access to ALL AREAS is given to Super Administrators, and once created they cannot be as easily deleted. It might not be obvious, but you have to change the user's group to something other than Super Administrator first. Then you can delete them.
Because of this, give a bit of thought to who you need to grant this highest level of access to. Super Admins can block the user from logging in or change the password on another SA account. Like the other Backend user accounts, SA’s are treated as Publishers when they login through the Frontend interface.
As mentioned previously, the Joomla ACL has been completely re-written for Joomla! 1.6 to provide new features and greater control.
Many third-party extensions exist to extend the Joomla ACL, but due diligence should be exercised with ANY ACL extension – not only in how it affects currently available extensions for Joomla, but also how it may or may not cooperate with future releases of Joomla.