Access Control List

ACL or Access Control List. According to Wikipedia, "An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed to be performed on given objects." In the case of Joomla we have two separate aspects to ACL:

  • Which users can gain access to what parts of the website? For example, will a given menu choice be visible for a given user?
  • What operations (or actions) can a user perform on any given object? For example, can a user submit or edit an article?

ACL for publishing workflow

There are several different kinds of users in Joomla and each has a set of permissions granted to them:

User Manager
User Manager

  • Guest - Anonymous users of the website, no special rights.
  • Registered - Normal visitors who register.
  • Author - Can submit content for approval in the front end only. Can edit their own content once published. A publisher or higher must approve new content before it goes live.
  • Editor - Can submit or edit all existing content, front end only. A publisher or higher must approve new pages before they go live, updates to existing content go live immediately.
  • Publisher - Can publish plus do any of the above, front end only.
  • Manager - All of the above plus can log into the back end w/increasing rights. Can Add new/Edit Menu, Section, Category, Article, Component. Can not Insall/Uninstall/Manager Extensions. 
  • Admin - All of the above plus can log into the back end w/increasing rights. Can Insall/Uninstall/Manager Extensions, User and settings Configuration. 
  • Super Admin - Full access control.

After installation, Joomla starts out with one super administrator. To add or edit new users manually, you must be at least a manager. To create Admins, you must be a Super Admin.

TIP. For a small organization with one web master, much of this may be unnecessary. But even if you choose not to use a publishing workflow, having a publisher or manager user is a nice way to simplify the options for less experienced users.

ACL for displaying content

Aside from front end and back end permissions, you may also use ACL to display certain content to certain visitors. Currently there are only three choices for using ACL this way. They are Public, Registered, and Special (which stands for Authors and above). You can assign the access level to any menu item, article or module in the back end. The default is Public, but by choosing Registered or Special, the item will only appear to that user group and above.

Access Level
Access Level

TIP. Special ACL is used for the User Menu items in the default sample content. This allows for links such as "submit article" to be only visible for author users and above.

TIP. You can use Registered ACL as an simple way to create member's-only content.

TIP. You can safely experiment on a live site by using access levels. Simply assign something (such as a new menu item and page) to the Special access level and publish it. Then only users who are author and above will ever see it. (Don't forget to log in to the front end and changing the item back to Public so that it is visible to everyone.)

After installation, Joomla starts out with one Super Administrator. To add or edit users, you must be at least a manager. To create admins, you must be a Super Admin. For a small organization with one web master, much of this may be unnecessary. But even if you don't use a publishing workflow, having a publisher or manager user is a nice way to simplify the options for less experienced users.

Registering and ACL

If someone registers at your site, a new user is created automatically. Normally these new users will become Registered Users, however you may choose your preferred access level in Joomla's global configuration.

New User Registration Type
New User Registration Type