![Page 1: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/1.jpg)
tekstJoomla! ACL
Sander Potjer@sanderpotjer
www.aclmanager.net
Joomla!Day Denmark - 26 October 2012
![Page 2: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/2.jpg)
Sander Potjer• Involved in the local Dutch Joomla
community
• Joomla Community Leadership Team (CLT) member
• Company: Sander Potjer Webdevelopment
• ACL Manager developer
• E-mail: [email protected]
![Page 3: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/3.jpg)
Sander Potjer• Involved in the local Dutch Joomla
community
• Joomla Community Leadership Team (CLT) member
• Company: Sander Potjer Webdevelopment
• ACL Manager developer
• E-mail: [email protected]
• Slides: http://www.slideshare.net/sanderpotjer
![Page 4: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/4.jpg)
Joomla! ACL
![Page 5: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/5.jpg)
• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
DrupalCon, October 2005Johan Janssens
It took a while...
![Page 6: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/6.jpg)
• ACL = Access Control List
ACL?!?!
![Page 7: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/7.jpg)
• ACL = Access Control List
• Access to parts of the website– e.g. menu / module visibility– “view” action
ACL?!?!
![Page 8: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/8.jpg)
• ACL = Access Control List
• Access to parts of the website– e.g. menu / module visibility– “view” action
• User actions on objects– example: create / edit / edit state / delete article
ACL?!?!
![Page 9: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/9.jpg)
• Allow backend access to just one specific component
Example
![Page 10: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/10.jpg)
ACL - Groups
7 Groups, fixed structure– Public – Registered– Author– Editor – Publisher – Manager – Administrator– Super-Administrator
2.5/3.0
![Page 11: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/11.jpg)
ACL - Groups
7 Groups, fixed structure– Public – Registered– Author– Editor – Publisher – Manager – Administrator– Super-Administrator
Unlimited Groups, flexible structure
– user – group – names– up– to – you
2.5/3.0
![Page 12: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/12.jpg)
ACL - User in Group
User can be assigned to one group
2.5/3.0
![Page 13: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/13.jpg)
ACL - User in Group
User can be assigned to one group
User can be assigned to multiple groups
2.5/3.0
![Page 14: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/14.jpg)
ACL - Access Levels
3 fixed Access Levels– Public– Registered– Special
2.5/3.0
![Page 15: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/15.jpg)
ACL - Access Levels
3 fixed Access Levels– Public– Registered– Special
Unlimited Access Levels– default access levels– user defined
2.5/3.0
![Page 16: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/16.jpg)
ACL - Access Levels & Groups relation
Fixed relation between Groups and Access Levels
2.5/3.0
![Page 17: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/17.jpg)
ACL - Access Levels & Groups relation
Fixed relation between Groups and Access Levels
Any combination of User Groups can be assigned to any Access Level
2.5/3.0
![Page 18: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/18.jpg)
ACL - Actions
Fixed Actions per groupCreate / edit / delete / admin access / etc.
Permission scope for entire siteSame permission for all objects
2.5/3.0
![Page 19: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/19.jpg)
ACL in Joomla! 1.5 & 1.6 (Actions)
• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
![Page 20: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/20.jpg)
ACL - Actions
Fixed Actions per groupCreate / edit / delete / admin access / etc.
Permission scope for entire siteSame permission for all objects
Custom Actions per groupCreate / edit / delete / admin access / etc.
Permission scope at multiple levelsSite/Component/Category/Item
2.5/3.0
![Page 21: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/21.jpg)
Joomla! 2.5 ACL Overview
(but the same for Joomla 3.0)
![Page 22: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/22.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 23: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/23.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 24: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/24.jpg)
• Guest is also a user
• Users can be assigned to one or multiple groups
User
![Page 25: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/25.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 26: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/26.jpg)
• Assigned to group (not to a user!)
• 10 Actions– Site Login– Admin Login– Offline Access (since 1.7)– Super Admin / Configure– Access Component– Create– Delete– Edit– Edit State– Edit Own
Core Permissions
![Page 27: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/27.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 28: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/28.jpg)
• Users with same permissions
• Inherited permissions from parent groups
• Unlimited nested groups
• Keep it simple! Only use nested groups if needed
• New: Guest group in Joomla 3.0
Group
![Page 29: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/29.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 30: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/30.jpg)
• What is visible for the group (article, menu, module, etc.)
• Permissions are inherited between Access Levels
• Even Super Users can not view content on frontend ifnot assigned
Access Level
![Page 31: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/31.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html
![Page 32: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/32.jpg)
Permissions
![Page 33: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/33.jpg)
• 4 possible permission settings
– Not Set
– Inherited
– Allowed
– Denied
Permissions
![Page 34: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/34.jpg)
• ‘soft’ deny• can be overridden by ‘Allowed’ or ‘Denied’
Permissions - Not Set
![Page 35: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/35.jpg)
• Value from a parent Permission level• Value from a parent User Group• Can be overridden by ‘Allowed’ or ‘Denied’
Permissions - Inherited
![Page 36: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/36.jpg)
• Action for current permission level and lower levels• Action for current user group and child groups• Can be overridden by ‘Denied’
Permissions - Allowed
![Page 37: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/37.jpg)
• Action for current Permission level and lower levels• Action for current User Group and child Groups• Can not be overridden at all• Always win!
Permissions - Denied
![Page 38: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/38.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
Permission Hierarchy (levels)
![Page 39: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/39.jpg)
![Page 40: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/40.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
• Level 2: Component Options – can override the permissions of Level 1
Permission Hierarchy (levels)
![Page 41: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/41.jpg)
![Page 42: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/42.jpg)
![Page 43: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/43.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
• Level 2: Component Options – can override the permissions of Level 1
• Level 3: Category – can override the permissions of Level 1 & Level 2– available for components with categories (Articles, Banners, etc...)
Permission Hierarchy (levels)
![Page 44: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/44.jpg)
![Page 45: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/45.jpg)
![Page 46: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/46.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
• Level 2: Component Options – can override the permissions of Level 1
• Level 3: Category – can override the permissions of Level 1 & Level 2– available for components with categories (Articles, Banners, etc...)
• Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3– only available for article manager in Joomla core
Permission Hierarchy (levels)
![Page 47: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/47.jpg)
![Page 48: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/48.jpg)
![Page 49: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/49.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
• Level 2: Component Options – can override the permissions of Level 1
• Level 3: Category – can override the permissions of Level 1 & Level 2– available for components with categories (Articles, Banners, etc...)
• Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3– only available for article manager in Joomla core
Permission Hierarchy (levels)
![Page 50: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/50.jpg)
• Level 1: Global configuration – default permissions settings for actions for a group
• Level 2: Component Options – can override the permissions of Level 1
• Level 3: Category – can override the permissions of Level 1 & Level 2– available for components with categories (Articles, Banners, etc...)
• Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3– only available for article manager in Joomla core
• Override permissions of higher levels only works if permission setting is not ‘Denied’!
Permission Hierarchy (levels)
![Page 51: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/51.jpg)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1
Level 2
Level 3
Level 4
Inheriting example for ‘Create’ Action
![Page 52: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/52.jpg)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1
Level 2
Level 3
Level 4
Inheriting example for ‘Create’ Action
![Page 53: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/53.jpg)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1
Level 2
Level 3
Level 4
Inheriting example for ‘Create’ Action
![Page 54: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/54.jpg)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1
Level 2
Level 3
Level 4
Inheriting example for ‘Create’ Action
![Page 55: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/55.jpg)
Available Permissions and Levelsfor a Group of Users
![Page 56: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/56.jpg)
Action: Edit State
![Page 57: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/57.jpg)
![Page 58: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/58.jpg)
![Page 59: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/59.jpg)
![Page 60: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/60.jpg)
![Page 61: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/61.jpg)
ACL Manager for Joomla! 1.6
![Page 62: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/62.jpg)
ACL Manager for Joomla! 1.6
![Page 63: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/63.jpg)
![Page 64: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/64.jpg)
![Page 65: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/65.jpg)
![Page 66: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/66.jpg)
![Page 67: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/67.jpg)
![Page 69: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/69.jpg)
Debug Permissions
![Page 70: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/70.jpg)
• Turn on the ‘Debug System’ in the Global Configuration
• Go to ‘User Manager’ or ‘Groups’
• Click on ‘Debug Permission Report’ next to the User or User Group
Debug Permissions
![Page 71: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/71.jpg)
![Page 72: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/72.jpg)
• Need to turn ‘Debug System’ on...Debug Permissions
![Page 73: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/73.jpg)
So, what about the database?
![Page 74: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/74.jpg)
Database: #__assets
![Page 75: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/75.jpg)
Plan your ACL implementation
![Page 76: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/76.jpg)
• Define the problem, is it a viewing problem or action problem (create/delete/edit/etc..)? Or both?
• Viewing: define the Viewing Access Levels
• Action: define the permissions for all actions
Viewing or Action problem
![Page 77: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/77.jpg)
• Structure your content properly to handle the permissions
• Make usage of parent categories with nested categories with same permissions
• No need to set permissions per article
Think ahead! Maintenance?
![Page 78: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/78.jpg)
Some Notes
![Page 79: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/79.jpg)
• The Netherlands– Allowed on edit ‘The Netherlands’ category– Denied on edit ‘Germany’ category
User in multiple User Groups
![Page 80: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/80.jpg)
• The Netherlands– Allowed on edit ‘The Netherlands’ category– Denied on edit ‘Denmark’ category
• Denmark– Allowed on edit ‘Denmark’ category– Denied on edit ‘The Netherlands’ category
User in multiple User Groups
![Page 81: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/81.jpg)
• The Netherlands– Allowed on edit ‘The Netherlands’ category– Denied on edit ‘Denmark’ category
• Denmark– Allowed on edit ‘Denmark’ category– Denied on edit ‘The Netherlands’ category
• User in The Netherlands & Denmark group– Denied on edit ‘The Netherlands’ category– Denied on edit ‘Denmark’ category– Denied always win (again)– Solution: don’t use denied but not set/inherited (=soft deny)
User in multiple User Groups
![Page 82: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/82.jpg)
What if I locked myself out?
![Page 83: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/83.jpg)
• No need to access your database• Open your configuration.php and add:
– public $root_user = 'username';
• You can login again and perform all actions• Great for playing around with the new ACL• Don’t forget to remove the $root_user line!
What if I locked myself out?
![Page 84: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/84.jpg)
Practical ACL Tips
![Page 85: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/85.jpg)
• Write down your ACL requirements for a website before implementing
• Joomla 1.5 User Groups are for backward compatibility in Joomla 2.5, you may remove them!
• Use multi-nested Groups only if needed / know what you are doing(so inheriting value only between levels, not groups as well)
ACL Tips
![Page 86: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/86.jpg)
• Assign User Group with backend access to a Viewing Access Level (often ‘Special’)
• Keep flexible for lower permission levels/groups: Avoid the ‘Denied’ permission setting as long as possible
• Use role-based groups
ACL Tips
![Page 87: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/87.jpg)
Quick ACL example(do we have time?)
![Page 88: Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012](https://reader034.vdocuments.mx/reader034/viewer/2022051323/548127a65906b5e66c8b4633/html5/thumbnails/88.jpg)
• http://community.joomla.org/blogs/community/1252-16-acl.html• http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6• http://docs.joomla.org/Access_Control_System_In_Joomla_1.6• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-
permissions-in-joomla-16.html• http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-
access-controls.html• http://www.aclmanager.net• http://www.aclmanager.net/news/general/28-is-your-extension-really-
joomla-17-ready• http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-
your-extension• http://magazine.joomla.org/issues/issue-sept-2012/item/856-Implementing-
Role-Based-ACL
Resources