The Joomla! Community Magazine™

Joomla ACL: Access Levels

Written by | Wednesday, 01 February 2012 00:00 | Published in 2012 February
Now that you have a grasp on the terminology of ACL, let's implement a simple system where different users see different content on a website. To follow along with this example, you should be working with Joomla 1.7 or higher.

Italian translation via BlogJoomla.it

Traditional Chinese translation via Lo Jen-Chih

Russian translation via Katerina Vorobyova

Before you start clicking buttons, you must start with an ACL strategy for implementing this website. Start by describing the problem you're trying to solve:

For the school website I am developing:

  • The general public can visit that site and see most content. However, there is content behind the scenes for students and teachers.
  • A teacher can see content specifically for teachers, all student content. and the public content.
  • Students can only see student content (not teacher content) and the public content.

Note we talked only about the content that was seen. We did not talk about editing, creating, deleting, or managing content. This points to a reading problem — or an issue with access levels.

Next, we have three groups described here: the public, students, and teachers. The Public group already exists, but we'll need to create the students and teachers groups. All these users are doing is logging into the website to see more content, so the only permission we need to assign to this group is the ability to log into the front end of the website. Essentially, teachers and students are registered users.

We'll then need to create our content such that teachers see both student and teacher content, while students see only student content.

Our approach to this problem will be as follows:

  1. Create our groups, called "students" and "teachers".
  2. Assign core permissions to our group. In this case, we're assigning the site login core permission.
  3. Create our users and assign them to groups. I'll create one called "student" and one called "teacher" for our example, but in the real world, you may have many accounts to create.
  4. Create an access level for students, and another access level for teachers.
  5. Create categories for students and teachers, and assign the correct access levels.
  6. Create articles for students and teachers, and assign the correct access levels.
  7. Create menu items for students and teachers, and assign the correct access levels.
  8. Test our logins and see if they work correctly.

1. Create Our Groups

To create a group, log into the back end of the Joomla website.

Go to the top menu and go to Users - Add New Group. You'll see this screen.

Add User Group screen.

  1. For Group Title, enter Teachers Group.
  2. For Group Parent, choose Public.
  3. Click the Save & New button, shown on the top right, to save the Teachers group and create a new group.
  4. For Group Title, enter Students Group.
  5. For Group Parent, choose Public.
  6. Click Save & Close to save our Students group and return to the User Manager: User Groups screen.

Why did I make the Teachers Group and Students Group their own group, with a parent of Public? When you start nesting user groups, particularly when you're just starting to work with ACL, permissions can get complicated very quickly. By making your groups children of Public, you control the permissions of the group directly, rather than through inheritance from other groups, and this is easier for most people to understand.

In this example, it would have been no less complicated to make these groups children of Registered instead. If you choose to do that, that works. However, as you work with increasingly complex examples with ACL, keep in mind that making user groups children of Public eliminates complexity and can be useful for debugging.

2. Assign Core Permissions

Go to Site - Global Configuration, the to the Permissions tab. For the Students Group and the Teachers Group, set the Site Login permission to Allowed. Leave all other settings set to Inherited. Remember that these groups inherit permissions from the Public group, so by default, the Students and Teachers groups are not permitted to do anything.

3. Create Users, Assign to Groups

Now that we have our groups created, we need to create some users to live in these groups.

To do this, go to Users - Add New User, and you'll see the following screen:

User Manager screen in Joomla 1.6.

  • Name: Enter the user's full name, in this case, Ms. Jones.
  • Login Name: Enter a username for this person: teacher.
  • Password and Confirm Password: Type the same password twice.
  • Email: Enter the user's email address. (If you are not doing this for a real user, use This email address is being protected from spambots. You need JavaScript enabled to view it..)

Skip the other fields on this page, and scroll down to Assigned Groups. Note that by default, Registered is checked.

Choose "Teachers" from the list. Ms. Jones, the teacher, is now assigned to both the Registered user group and the Teachers user group.

Click "Save & New", then repeat this same process for a Student login. The student's name is David Smith and username is david. Use This email address is being protected from spambots. You need JavaScript enabled to view it. if you need another email address. Assign David to the Students Group and the Registered group. Choose Save & Close when you're done.

Why did we assign these users to the Registered user group as well as the other groups? Sometimes you will want to have information behind a login that is visible to anyone who is logged in, rather than to a specific group of users. By assigning your users to the Registered user group in addition to more specific groups, you can (for example) display a user menu to anyone who is logged in, but specific menu items to specific user groups. This will also help us when we decide to customize a login page for the site.

4. Create Access Levels

We have our users, core permissions, and user groups all set up, so now it's time to create two Access Levels, one for students, and one for teachers.

Go to Users - Add New Access Level, and you should see this screen:

Add access level screen.

For the Level Title, enter Teachers Access Level. Then check the boxes next to Teachers Group. This will allow only teachers to see the Teachers Group content.

Click Save & New, enter Students Access Level for the Level Title, and check the Students Group and Teachers Group boxes. This means that teachers can see this student content, in addition to students seeing the student content. Click Save & Close to leave this screen.

Why did we not assign Registered users to the Teacher or Student Access Levels? By assigning the Registered user group to a Teacher or Student access level, then everyone who is in the Registered user group will see Teacher and/or Student information. Access levels are key to who sees which content. Think carefully about which groups should be included in each access level.

Why did we not include Super Users in the Teacher or Student Access Levels? By not including Super Users in these access levels, when Super Users are logged into the front end of the site, they will not be able to see teacher or student content. They can see this content and edit it from the back end of Joomla, however. If it is important for Super Users to see teacher and student content, be sure to assign Super Users to the Teacher and Student Access Levels.

5. Create Categories

On this website, I have created a category for content specifically for teachers to see (under Content - Add New Category):

Add new category.

When creating this category, be sure to set the Access dropdown (which is the access level) to Teacher Access Level.

I also created a category for students. It's set up the same way, except the title is Students Category and the Access is Students Access Level.

Why did we create specific categories for teacher and student content? You could create content anywhere in Joomla and then assign the access level on an article by article basis. Most articles would be set to the Public access level, but you could make exceptions for Registered access level, Teacher Access Level, or Student Access Level as required.

However, grouping your articles under a specific category helps to clarify the target audience for this content and the access level. Remember you could always make sub-categories within the Teacher category, if you have too much content to manage within a single category.

Once you set the access level for a category, that access level is inherited for all articles under that category, even if you leave the access level set to public.

6. Create Articles

Next I set up an article for Teachers, in the Teachers category. To create a new article, go to Content - Add New Article.

Article for teachers.

The fields I completed were:

  • Title: This Article is for Teachers
  • Category: Teachers Category
  • State: Published
  • Access: Teachers Access Level
  • Article text: enter some dummy text.

Click Save & New, then repeat the process for students:

  • Title: This Article is for Students
  • Category: Students Category
  • State: Published
  • Access: Students Access Level
  • Article text: enter some dummy text.

Click Save & Close when you are done.

While I have created only one article for each group, I could create as many articles as I wished.

If the access level for the category is inherited by the articles, why did you set the access level in each article as well? For me this is self-documentation. Strictly speaking, you could leave the access level set to Public (the default), but the article would still only be viewable by the Teacher or Student Access Level members. However, when I set the access level in each article, I'm ensuring that when I come back to this site in 9 months trying to fix a problem for a client, I don't get side-tracked trying to recreate the access level inheritance for a given article -- it will be labeled with that information already.

7. Create Menu Items

Next comes the menu. In the Main Menu (under Menus - Main Menu), we'll add two links, one for teachers and one for students.

To create the link, I went to New (upper right corner), chose Category List for the menu item type, and entered the other information as below:

New menu item.

  • Title: Teachers Information
  • Menu Item Type: click Select, then Category List
  • State: Published
  • Access: Teachers Access Level
  • Choose a Category: Teachers Category

Click Save & New, and repeat the process for students:

  • Title: Students Information
  • Menu Item Type: click Select, then Category List
  • State: Published
  • Access: Students Access Level
  • Choose a Category: Students Category

Click Save & Close when you're done.

Why did you choose category list? This allows all information for the category to be listed on one page. You could have made this link a category blog, a single article, or any other type of link you wish.

Why did you set the access level for the menu? Doesn't it inherit from the article? In the case of menu items, their access level is independent of the content to which they link. In other words, you could have an article with an access level of Teachers Access Level, but leave the menu item to an access level of Public. If you do this, provided the module displaying the menu is also set to an access level of Public, the link will be visible to anyone visiting the site. When clicked, if the visitor does not have rights to see the content behind the link, they will see a message stating that they don't have access to this location.

That might be the exact behavior you want for a site where you're selling subscriptions to information (buy our subscription and see the information behind this article!). But if you are trying to provide the least frustrating user experience, it's a good idea to set the access level for the menu item to match the content behind it.

8. Test Our Logins

We've finally configured everything required to have different content for students and teachers on our website.

Go to the front end of the website. Enter your login information in the login box.

Enter the username and password for the teacher, Ms. Jones. Remember that's teacher as the username and whatever you entered for her password.

If you've done everything right, you should see two links in the main menu, one for "Teacher Information" and one for "Student Information".

Return to the login page to click the Log out button. Now repeat the process as David Smith, the student, with a username of david and the password you gave him.

If you've done everything right, you should see one link in the main menu for "Student Information".

Conclusion

If you've followed this example all the way through, it probably took you about 15 minutes to complete.

Did you think the login experience looked rather ugly? So did I. In my next article, I will show you how to customize a login screen for all user groups, based on this same example.

Read 82777 times

Related Video

In her lynda.com course, Joomla 1.7 Access Control Lists In Depth, Jen Kramer provides an overview of the 4 parts of the ACL system: users, user groups, core permissions, and access levels.
Tagged under Administrators