The Complete Guide to Joomla Role-Based User Access
Let’s assume you’re not the only person managing your Joomla site. And you also can not intently follow each team member's activities. What are you going to do now?
Determining which user gets access to which part of your website is crucial to managing a business website. Especially if you run corporate projects, distributed varied roles for team members are important to perform their tasks more effectively.
If you are looking for a quick guide to set up user roles in your Joomla site, then you are in the right place. All it requires is a little bit of perspective and tweaks. Are you up for it? Let’s find out how easily and effectively you can manage users on your Joomla sites.
What is a Role-Based Access Control List?
Before digging deeper, it’s important to understand how role-based access works. If you want any part of the site, for example, category, admin module, menu item, etc. to be accessible only to those assigned to this role, then you need to create a role-based access level that includes only this group.
We set this up as a one-to-one relationship so that this access level will provide access only to those who have been assigned this role. If a user is not assigned to this role, they don't get access to it.
Why Role-Based Access Is Important?
As mentioned above, you can determine what people can see and do on your Joomla sites. By setting up user roles, you can easily distribute the team member’s roles on-site specifically or separately to delegate tasks more effectively.
You can also divide users into different groups with specific viewing access levels, which means people can only see what you allow them to see on your site. The usefulness is endless!
Access Levels in Joomla
There are five access levels that are included in Joomla by default. Learning how to use the Public, Guest, Special, and Registered access levels gives you a lot of power over who sees what content on your site.
Public: Any visitor, regardless of whether or not they are logged into your site or not, can view anything that is assigned to the public access level.
Guest: This access Level will hide content from site visitors unless they are logged into the site.
Registered: Registered allows the user to login to the Frontend interface. They can't contribute content but may have access to other areas, like a forum or download section if your site has one.
Special: Allows access to content creation and other system information from the Backend. This includes Author, Manager, Super Users.
Super Users: Super Users have complete administrative access to your site. They have access to and can change every aspect of the site.
Allow User to Access Only One Component in Admin Panel
Sometimes you may need to restrict users from accessing resources in the admin panel. You can easily allow a user to access only one or few components in just a few simple steps.
Create New User Group
To achieve a role-based access level, we need to create user groups and define permission for users. Go to the Joomla admin panel, click on the "Users" tab on the top bar, and then “Groups” > "Add New Group".
Follow the steps to create a new user group:
- Name your group however you like. For this tutorial, let’s call it "Custom-Group"
- Select "Manager" as the parent group
- Click "Save & Close"
Create New User(s) & Assign Them to the New Group
Now, you need to create a new user or users and assign them to the newly created group. To do that, go to “Users” > “Manage” > “Add New User”. Fill in the account details as usual and from the Assigned User Groups tab select the group we have created in the previous step.
Grant Access To Selective Component
All user groups are allowed to get the core permissions as long as you make some changes to the Permission Settings page.
Here’s a brief description of some of the actions below:
Site Login: The users who get the permission can log into the front-end of your site.
Administrator Login: The users who get the permission can access the back end of your website.
Super User: The users who get that permission can do anything even for changing Global Configuration settings.
Access Administration Interface: The users who get the permission can perform tasks like change the website’s look, add new extensions, etc.
For this tutorial, go to the newly created user group “Custom Group” > “Access Administration Interface” and set it to “Allowed”.
Disable Access to Other Components
You can disable access to the other components according to your needs. To do that, you need to manually disable access for each component.
Let’s see how to do that for Banner.
Go to “Global Configuration” > “Banners” > “Custom Group” > “Access Administration Interface” and set it to “Denied”.
Similarly, you need to disable access for the other components according to your needs.
- Banners
- Contacts
- Articles
- Smart Search
- Media manager
- Messaging
- News Feeds
- Search
- Weblinks
Now the user has access to the specific component or components as per your defined permissions.
Wrapping Up
Granting inappropriate levels of access to staff members is a leading cause of data loss and data theft. Whereas, the benefits of role-based user access are endless. Lack of role-based access can be costly for any organization in more ways than one. So, why take the risk?
Implement role-based user access to your Joomla site today and create a more secure and productive environment to perform tasks more effectively. Good luck!
The way suggested above opens up everything then needs you to lock things down as not required. I think this is a poor way of doing things myself, as if you add a new component, you need to remember to block access if not needed, as opposed to opening it up if it is needed.
I've always followed this guide which is old but works perfectly: https://forum.joomla.org/viewtopic.php?f=673&t=749774
Create a new user group and set its parent to Public.
Go to GlobalSettings->Permissions, open up the permissions for this new group, "allow" the permission "Admin Login." this allows the user to login
Go to Access Levels, edit "Special," and add this group to the Special access Level. The admin menu is shown only to those under the access level Special.
Go to the component, open up its options and go to Permissions. Open up the new group to see the permissions assigned to this group. Add the permissions you want to give to this user. If this component does not provide permissions, you can use the extension ACL Manager to add the basic permission of accessing/editing the component.