Joomla 2.5 user permissions ( ACL ) are a bit tricky to understand and get to grips with for the first time. They offer an incredible level of control to a large website and bring joomla to a truly enterprise level for intra and extra nets. They also lead to confusion if they are not setup correctly.
The Permissions control are not hierarchical.
It can be made hierarchical if you use inherit permission.
There is no limit on the groups and access levels. You have users, user groups and access levels. Groups are assigned to access levels
A user can be part of many user groups.
Access levels control the permissions to access categories, articles, menus or components
Access levels have user groups assigned to them.
A user group has 9 available actions
- Site Login – login to the front - end site.
- Admin Login - login to the backend administrator site.
- Super Admin – Same as joomla 15 , can do any thing on the site front and back-end.
- Access Component – access all areas on the back-end administrator site except Global Configuration.
- Create – create any content.
- Delete - delete any content.
- Edit - edit any content.
- Edit State – edit the state of any content.
- Edit Own – edit any content they own.
The Action has 4 available permissions:
- Not Set – No permission. (Public User Group only, same as registered user in joomla 15).
- Inherited – permission is inherited from the parent group.
- Denied – Flat denial regardless of the parent setting.
- Allowed - Allowed, but may be restricted by the parent if inherited?
Joomla 2.5 defines 4 permission levels which override one another. They are listed in descending order Level 1 has Level 2,3,4 included. Level 2 has level 3,4 included and so on.
- Global Configuration
- Component Options
Defines the default permission for each user group and actions.
Overrides the default permission for components. For instance, Articles, Menus, Users, Banners etc.
Overrides the permission of Global Configuration and Components. It's available for components with categories including Articles, Contacts, Banners, Newsfeeds, and Weblinks.
Overrides the permission of Global Configuration, Components and Category. It's only available for articles in Joomla core, K2 Zoo etc are currently not covered, they may be in the future.
Advice with the permission value "inherited" you can configure low-level permissions more effectively and faster, its less confusing and easier to manage.
It is important to plan out the access levels of the website before setting up the levels and groups as doing this ad-hoc later leads to unpredictable results.
( credit to joomlashine.com blog )