FREELessons: 35Length: 7.7 hours

Next lesson playing in 5 seconds

Cancel
  • Overview
  • Transcript

3.2 User Group Permissions and Access Levels

With Joomla we need to learn how the system is built, so that we can then understand how the permission system works with user groups. The most important thing is to make sure we set viewing access levels in order to stop unauthorised access to content on the front-end.

3.2 User Group Permissions and Access Levels

Hi guys, welcome back to a beginner's guide to using Joomla!. And in this lesson we want to, first of all, understand how Joomla!'s built, so we can understand how the permissions are set on user groups. Then we want to take a look at access levels. Joomla is a very flexible and extensible content management system. And one of the reasons why it's so flexible is because of the way the mission system works, and the way Joomla is built. So to understand permissions, we first have to discover how Joomla is built, which it's very modular and very simple. So Joomla is the system itself, such as Global Configurations, where we can set the global configurations for the system itself. But what's important to note is that we have components for the back end that extend onto the system. Now you can have components in the front end, but ignore the front end for now. Let's just concentrate on the back end right here. And so what we can do is we can take a look at the Users component, the Menus component, the Content component, the Components here such as Banners, Contacts, and so on and so forth. Now the reason why these components are grouped in one menu is because if they were directly linked in this bar, they would take up too much space. So because there are so many components, they're grouped under a menu. The most important components are displayed in the menu bar. And even the Extensions Manager, that is a component. So everything extends onto the system and this is why Joomla is so flexible. Because what I can do is, you can see here, I can go to Global Configuration and we can set the global configuration for this system. But also, because the extensions, or components, are extending onto the system, we can now take a look at, let's say, the Banners component. And we can say right, well for this particular user group, we're going to allow or deny access to this component, or a certain part of this component, making Joomla very, very flexible. So let's take another case and example. Let's say I'm logged in as the administrator. I have access to all of the components as the super user, but when I log in as the test manager, I no longer have that ability to access certain components. So when I log in I don't have access to all the components underneath the System. So even the Check-In and the Cache Manager, they are classed as components, as you can see right here. Check-In and Cache Manager, where I can set the permissions for those particular components. I don't have access to them. Those components have been disabled. On top of that we don't have the Users Manager. That component's been disabled. The Menu Manager, that's been disabled and so on and so forth. And there are other components that have been disabled for this particular user. So again that's how this becomes so flexible. Because we can simply disable or enable certain components for certain user groups. And then we can go underneath the system configurations, take a look at all of the components, and configure the permissions for a certain component, and this allows us to target a certain user group and allow or deny certain actions that the user can take within that component. This is why it's so flexible and this is how the permission system works in Joomla!. So now let's have a play with the permissions. So first of all, I'm logged in as the test manager in Google Chrome. And underneath Components we have Banners. And from there we can add and edit banners and so on and so forth. But let's say that I don't want this test manager to gain access to the banners component from the administrator interface. So what I'm going to do is log in as the super user. Underneath System, we're gonna go to Global Configuration. And we're gonna take a look at the Banners component. And we need to take a look at the permissions of that component. Now, the test manager is part of the Test Manager user group. So, I wanna target that group. So, click and that, and you'll notice that all of the settings, by default, are inherited. So, you need to be careful when you create your new user groups. And you set the parent to be a certain user group, it will inherit the permissions by default. But then of course you can go in and start to change the permissions. So in this case with the test manager, I do not want it to access the banners component in the administrator's Interface. So I'm going to say Access Administrator Interface, and I'm going to deny it access. So I'm going to go ahead and click Save. Then I'm going to refresh this users account and then when we drop down Components, Banners is no longer there because I've denied access to the banners component In the back end for this particular user. So this is how your permissions for each component relates to a certain user group. And so you can see how flexible and powerful this really is and you don't actually have to disable the entire component. So for example if they can't access it in the administrator interface then it's pretty much disabled altogether. But let's change it back to Inherited. So now the Test Manager user group will inherit this permission setting from its parent, the manager, which is allowed like so. And now we can gain access to this particular component. So I don't have to disable the entire component. For example I don't want them to be able to create a new banner. So we can take a look at these actions right here and they're pretty much self explanatory. So can they configure this component? Can they access this component from the administrative interface? Can they create new banners? Or a new user? Or a new article? Which ever component that we're in, it just relates. So create, so delete a banner, edit a banner, and edit the state of a banner. So just publish, unpublish, trash, archive, and so on and so forth. And we're gonna look more into this in the next lesson. But, let's just say I don't want them to have the ability to create a new banner. So, with the Create action, I'm simply going to deny the test manager user group the ability to create a banner. So, I'm going to save that and then we're going to refresh, and now the New button simply disappears. So, I'm going to change that back to Inherited and go ahead and save it. So, have a play around and see how the permissions for each component relate to a certain user group. And this will give you a great understanding of the Joomla content management system. So now let's take a look at the user access levels. And why do we need user access levels, more importantly when we already have user groups? So let's first of all take a look at Access Levels. So you can see here that we can search through the access levels, we can organize the data, so the column headers right here and you can click on the column headers if you'd like to organize them in that way. Also, we can say whether we want this ascending or descending, and we can choose how many rows we'd like to display in our table, per page. So what are access levels, and why do we need them? Well, access levels are actually a great time saver. They weren't necessary as such, but people got fed up with trying to set up constantly, every time they created new content having to tick individual user groups. So with Viewing Access Levels, it simply means that you target certain user groups, and you can group multiple user groups together to set who gets to view a certain piece of content. Now that content could be a menu item, could be a banner, could be an article, or it could be a module, and so on and so forth. So, if it's viewable to a user on the front end, it really wants to know what level of access do they need to have in order to view that piece of content. So, in my case, as I want to create an article, I can open that up in the back end, and I can start to create an article of my own. And with this, it's viewable on the front end. So as it's viewable in the front end, it will allow me to set the access, or the access level. So currently, the access is public. So let's go ahead and take a look at Public. So you'll see here we have the Level Title. We can modify that. We can say Save, Save & Close, Save & New, Save as Copy, and Close, and forget the changes. Now, you'll notice that only Public is ticked. And that's because of inheritance. So if the public can view it, all of the child user groups will be able to view it as well. So whatever user group you create, it is a child of the Public user group, even if it's nested all the way inside of other user groups, they are all children of the Public user group. And so because we've ticked the parent, that applies to all of these user groups. Now let's say that I changed that to Registered, let's say. Let's have a look at the Registered access level. Well if we look inside of here, we can see that Manager is ticked, Registered is ticked, and Super Users is ticked. Now that doesn't mean those three user groups are able to view it. It means that Manager, Administrator, Test Manager, Registered, Author, Editor, Publisher and Super Users are able to view that content on the front end. But it's unnecessary. We don't need to tick those child user groups because we've ticked their parent instead. And so that way it applies to all those child user groups and we've excluded Guest. And also Public, as well. So that's nice, but now what I'd like to do is create my own access level. So I'm gonna hit New and then we're going to call this access level Test Manager. And I'm gonna say only the users within the Test Manager user group are able to view this content on the front end. Now it doesn't have any child user groups, so it's just this user group only is able to view this content on the front end. So I'm just gonna go ahead and say Save & Close. And there is my access level Test Manager. Now we need to refresh this page. And then I'm just going to provide some content like so. And then we're gonna set the Access level to Test Manager. And go ahead and say Save & Close. So now there is my article that I've just created, and if I hit refresh on the front end, we don't see this article and that's because we're currently the public on the front end. So, I'm just gonna go to Author Login and log in as the Test Manager, which is part of the Test Manager user group. So I'm gonna log in. And then I'm gonna click on Home. Then when we do that you're now able to view that article on the front end. Now let's say that you log in as the administrator, the super user on the front end. Will you be able to view that article? The answer is no. So if we log out real quick and we log back in as the administrator. And then we go to the home page. You'll notice that article doesn't show up. So this is very, very specific to who can view that article or piece of content, whether it be, again, a menu item, a banner, a module, so on and so forth, who can view that on the front end. And even though you have a lesser user, such as a manager, if you just set only managers can view this and not super users, the super user won't even be able to view this on the front end. But it doesn't affect the back end. So in the back end you can see here I am logged in as Lawrence, which is the super user, and I can still edit this article, I can also publish it, I can delete it and so on and so forth. I can do whatever I like, I'm me super user. But it affects the front end, so I'd need to have to change the access level or the access level itself. So, I'm just gonna change Test Manager to now encompass Super Users, and hit Save & Close. Now, if you go to the front end and hit refresh, it may not show up. But that doesn't mean it hasn't worked. You need to log out, and then log back in again, so it can refresh those permissions, and then you should be able to log in and view it. There we go. Click on Home. And now, as I am the super user logged in, I can now see this article. So that's what viewing access is all about. And it's all to do with the front end. But it does not affect the back end. So thank you for watching me in this lesson and please join me in the next lesson, where we'll continue on learning about the user manager component.

Back to the top