What you need to know about Joomla 1.6 Written by: Jen Kramer
Assembled by Igor Mihaljko 8/9/2010
Contents Hooray For Save & New! ..................................................................................................................... 4 I See Checked Out Items...................................................................................................................... 5 I Want That Module On Every Page But This One! ............................................................................. 5 Oh no, my session expired (again)! ..................................................................................................... 6 Home Sweet Home.............................................................................................................................. 7 The Media Manager Gets Cool ............................................................................................................ 7 I Love Trash.......................................................................................................................................... 7 Joomla 1.6 Categories ......................................................................................................................... 9 Goodbye Sections. Hello Nested Categories ....................................................................................... 9 New Category View for Menu Items ................................................................................................. 11 Category Meta Data .......................................................................................................................... 12 15 Minute Guide to Access Levels in ACL .......................................................................................... 13 ACL in Joomla 1.5............................................................................................................................... 13 ACL in Joomla 1.6: Overview ............................................................................................................. 14 User ............................................................................................................................................... 14 Core Permissions ........................................................................................................................... 15 Group ............................................................................................................................................. 15 Access Level ................................................................................................................................... 15 I Want Different People to See Different Content When They Log In .............................................. 16 1. Create Our Groups..................................................................................................................... 17 2. Assign Core Permissions ............................................................................................................ 17 3. Create Users, Assign to Groups ................................................................................................. 17 4. Create Access Levels .................................................................................................................. 18 5. Create Categories ...................................................................................................................... 19 6. Create Articles ........................................................................................................................... 20 7. Create Menu Items .................................................................................................................... 21 8. Test Our Logins .......................................................................................................................... 22 Conclusion ......................................................................................................................................... 22 Review ............................................................................................................................................... 24 User ............................................................................................................................................... 25 Core Permissions ........................................................................................................................... 25
Group ............................................................................................................................................. 25 The Default Groups ....................................................................................................................... 26 Understanding Core Permissions in Global Configuration ................................................................ 26 All About Deny................................................................................................................................... 28 I Want Different People To Edit Different Content On My Site ........................................................ 28 1. Create Our Groups..................................................................................................................... 29 2. Assign core permissions to our groups...................................................................................... 30 3. Create our users and assign them to groups............................................................................. 31 4. Create a category and set permissions ..................................................................................... 32 5. Create articles for the History Category and the Art Category. ................................................ 36 6. Create menu items for the History Category and the Art Category.......................................... 36 7. Test our logins ........................................................................................................................... 36 I'm Locked Out Of My Site ................................................................................................................. 38
Improvements for Site Builders Joomla 1.6 offers much to site integrators and builders that will make them very, very happy. I have spent so long working with Joomla 1.5 and its quirks that I’ve forgotten about many of my pain points. Now that 1.6 is out, I can’t wait for the final release, and it’s all due to a few little things that make my life much easier. I hope you enjoy these new features as well!
Hooray For Save & New! In Joomla 1.5, we had the options of Save, Apply, and Close for most functions in the Joomla administrator area. We now have some new options for creating and editing content, and they're located fairly uniformly across the Joomla admin interface. Here's how they look and change in regards to an article. After clicking the "New" button in the Article Manager to create a new article, the buttons look like this:
After the article is saved for the first time, the buttons change to this:
Note in particular the appearance of the "Save as Copy" button after saving. The name of the button with the red X starts as "cancel" but changes to "close" after the article is saved. In the Module Manager and for most components, the options are the same, but unfortunately, the icons are different (at least in beta 4):
After clicking the New button in the Module Manager to create a new module, and choosing the Custom HTML module, the buttons look like this:
Although the icons are different, the functionality of these buttons is the same:
Save. Save is the equivalent of the old Apply option. Your changes are saved, but you stay in the editing screen. Save and Close. This is the equivalent of the old Save option. Your changes are saved and you return to the appropriate manager screen (i.e. Article Manager, Module Manager, etc). Save and New. Save the item you just created and make a new one. This is a terrific addition for occasions when you have many articles to enter, one after another, because it saves clicks and screen reload time. Save as Copy. Save a copy of the exact screen you're looking at. This is great for copying an existing article or module, which might form a base for a second item that's similar in settings. Cancel/Close. Depending on the screen, this button may be called Close or Cancel, but the icon is the same. This action closes the item you're working on without saving your changes.
I See Checked Out Items... In Joomla 1.5, if an item is checked out, no one can see what's happening to it other than the person currently working on it. In Joomla 1.6, you're able to view the information and settings for that item (although you cannot make changes). This sounds like a very small change, but it solves two interesting issues. First, if you're training a client remotely, or if you're doing some technical support, if the client is looking at a specific article or module, you can't look at it on your computer while the client looks at it on theirs. With this new improvement, your client can make changes to the item while you are looking at the settings for the item. Second, when combined with the new Save as Copy feature, it's possible for someone to open an item that's checked out and save a copy of it. That means you don't have to track down the person who last checked out the item to get it checked back in, and you don't have to bother the site administrator about running a global check-in of all items.
I Want That Module On Every Page But This One! There is a new option for assigning modules in Joomla 1.6, which will make your life (and your client's lives!) much easier.
When assigning a module to a page or pages of your website, you have 4 options. The first three are not new, but the last one is quite exciting:
On all pages: Include this module on all pages of the website. No pages: Don't include this module on any page of the website. Only on the pages selected: Include the module on the selected pages in the list. On all pages except those selected: Now we can include our module on every page of the site, with exceptions. This is great if you want a module on every page of the site except the home page, or except the few pages that have an alternate layout. Previously we'd have to assign the module to selected pages only (i.e. all but the home page). Then when you created a new page, you'd have to make sure to remember to assign the module to that page as well. This new alternative solves that problem.
In an additional UI bonus, you may now assign modules from the menu item screen. That saves more than a few clicks from having to create the menu item, then go to each individual module you need assign to the page.
Oh no, my session expired (again)! How many times has this happened to you? You're working away in Joomla, and you get a phone call. You come back to the site 16 minutes later, and you're logged out. What's more, Joomla doesn't remember where you were or what you were doing, so all of your changes are lost. In Joomla 1.6, if your session expires and you're logged out of the site, when you log back in again, Joomla will get you close to where you were. If you were creating a new module, for
example, it will at least dump you into the Module Manager. If you were editing an existing article, it will put you back in the article.
Home Sweet Home In Joomla 1.5, the page to which most people refer to as "home" was called "default". The language has been changed, so now in Joomla 1.6, the home page is the home page. We also had a feature in Joomla 1.5 called "frontpage items". I got a lot of questions about "frontpage", mostly "How is FrontPage involved with Joomla? I thought Microsoft FrontPage was a separate program!" Frontpage items, however, were articles that were selected to show on the home page. You could only have one "frontpage" per website, wherever it was located (generally the home page). In Joomla 1.6, FrontPage has left Joomla, and these are now called "featured" items. The big reason is that you can now have more than one "featured" page per website. It seems that you can create a page that will display all featured articles from a given category only. However, I was unable to find where in the UI that you could set the initial category, so perhaps this feature needs a bit more time to mature.
The Media Manager Gets Cool There have been a number of changes to the Media Manager in Joomla 1.6. First, its menu location has changed, from the Site menu to the Content menu. Second, the options for the Media Manager have moved out of Global Configuration to their own screen. Check the top right of the Media Manager for the Options button. In the Options area, you will see the old option to enable the Flash uploader. The Flash uploader was originally included with Joomla 1.5, but due to some issues between Joomla and Flash 10, it was generally disabled in a relatively early version of Joomla 1.5 as a workaround. In Joomla 1.6, the issue has been resolved, and you can once more upload multiple files to the Media Manager with just a few clicks. Finally, there is no more stories folder in the Media Manager. By default, images are uploaded to the root images folder. You'll also notice all of the old icons have been cleared out. There are no more cherries, bread, or clocks in your website, unless, of course, you put them there.
I Love Trash... Trash is available, and works like trash, in most areas of Joomla. I'll use Articles as an example. To trash an article, select the checkbox next to the article, and click the Trash icon.
To view articles in the trash, change the "select state" dropdown menu to Trash or All. This will show a listing of all items in the trash. Clicking on the trash can will only delete items, not show them in the trash.
Categories Joomla 1.6 Categories Joomla 1.6 introduces a couple of new concepts. Among them are the way categories are handled. In previous versions of Joomla we've had sections and categories. One section could have several categories attached to it. However that was it as far as hierarchy went.
Goodbye Sections. Hello Nested Categories In Joomla 1.6, sections are gone. Now the only thing we have is categories. The greatest thing about this is that you can nest the categories. This means you can create a hierarchy of categories. Each category can have one parent category, but one category may have unlimited child categories. There is no limit to the number of levels in the hierarchy. I doubt that anyone would need to have more than three or four levels, though. Adding more levels might also have some negative impact on your search engine visibility. Now, let's see how this looks in Joomla 1.6: First, we need to create a new category. This is not much different from Joomla 1.5. Go to 'Content', then 'Category Manager'. Enter a category title and click 'Save' (or the 'Save & New' that's now available in Joomla 1.6).
The next step is to create a 2nd level category.
I add my category 'Coffee beans' and choose 'Coffee' as the Parent. Again, I click 'Save & New', this time to create a third level category:
As you can see, I could go on and on doing this, adding as many levels as I need. This is how the Category Manager list now appears:
Unlike Joomla 1.5 you can easily see the hierarchy of all the categories, as well as the Alias for each category. If I now create an article, I can choose whichever category I'd like this article to belong to:
The new way of dealing with categories is more flexible than the old section-category methodology. Even though it's not yet implemented, I hope the search engine friendly URL system in Joomla will replicate the categorization. I guess third-party SEF extensions will have this solved quickly. The breadcrumbs will show the path to the category by showing all of the nested categories in the particular tree:
New Category View for Menu Items There is a new option in the Menu Item type selector for Articles. The new view is called 'List All Categories'. I won't go into details about the view, as that's another part of this series.
This is how the view looks in the front end of the site:
Category Meta Data In Joomla 1.5, you were unable to add specific meta data to the section and category pages. That's been fixed in 1.6. You can now add not only meta description and keywords, but also an 'Alternate page title' as well as the author and robots tags.
The improved category system for Joomla! 1.6 makes more sense and is more flexible to use than the old section-category system. It will be interesting to see how developers will embrace this new methodology in their extensions. The migration script from 1.5 to 1.6 is not ready yet. However, I believe the conversion from section-categories to nested categories will be among the easiest tasks for this script.
Access Control Levels 15 Minute Guide to Access Levels in ACL If you’ve heard anything about Joomla 1.6, chances are you’ve heard about two exciting new features more than others: nested categories, and something called ACL. ACL stands for access control levels. It refers to who has permission to do what on the website, including read, create, edit, delete, or log in, among other permissions. Many think of ACL as relating to the front end of a website only. For example, when I log into the website, what articles do I have available to me? And if someone else logs into the site, do they see the same articles, or do they see different ones? However, ACL also relates to who has rights to create, edit, and delete content; who can publish and unpublish content; who can log into the front end or back end of the website; and who can make changes to which components and modules. Just because you can doesn't mean you should! ACL is complex, and it takes some time to understand exactly how it works. For many sites, perhaps even most sites, you might not need anything beyond the default Joomla configuration. However, if you're building a larger site, it could come in handy. Examples of where ACL would be required include:
A company intranet, where some managers see one level of content, while employees see another A school site, where parents, teachers, students, and the public see types of content A large website with many contributors, where you don't want people changing each other's content, and trust can't or won't work A site with multiple blogs, where authors can't create or edit posts in each other's blogs, and trust can't or won't work
ACL in Joomla 1.5 Joomla 1.5 has ACL at a limited level. If you’ve worked with Joomla 1.5, you’ve seen how you can set a menu item or article to be viewable by the public, registered users, or “special” (authors and above). Likewise, you probably know that registered users can’t log into the back end of a Joomla site, but a super administrator can. Joomla 1.5 ACL is hierarchical, meaning that each user group inherits permissions from the groups below it. A full explanation of Joomla 1.5’s groups can be found at brian.teeman.net. Groups include public, registered, author, editor, publisher, manager, administrator, and super administrator. Joomla 1.5's access levels include public, registered, and special. An explanation of the access levels can be found at Revision Technology.
ACL in Joomla 1.6: Overview Joomla 1.6 ACL is not hierarchical. You can set up groups with whatever permissions you wish. These permissions are inherited from parents in the case of groups, but they are not inherited in the case of access levels. There are four aspects to the ACL system in Joomla 1.6. These include the user, the group, core permissions, and access levels. I've represented these in the following diagram to describe their relationship, and I'll go through each in detail.
User
This is the easiest one to understand — that's you, or someone else visiting the website. A user does not have to have an account to be considered a user of the website. That user would still be considered a public user. Individual users may be assigned to one or several groups. You cannot assign core permissions directly to users; these are assigned to the group.
Core Permissions
Core permissions are assigned to the group, not to individual users. (If you want specific core permissions for a single user, you would need to create a group for that single user.) Core permissions include:
Site login: the ability to log into the front of the website. Admin login: the ability to log into the back end of the website. Admin: administrative (root) privileges, such as changing Global Configuration. Manage: ability to change settings on extensions Create: ability to create new content Delete: ability to delete (trash) content Edit: ability to edit existing content which is not necessarily your own Edit state: ability to change state between published, unpublished, trash
The core permissions are set in the Global Configuration, under Site - Global Configuration, then clicking on the Permissions tab. I'll go through understanding this chart in my second article on ACL. Group
A group is a group of users who share the same permissions. Using the Joomla 1.5 groups as an example, the publisher group has the right to log into the front of the website, create new articles, edit any articles on the site, and publish or unpublish articles. Anyone in the publisher group has the same permissions to do these same things. Unlike Joomla 1.5, however, a user may be assigned to multiple groups. A user may be in the publisher group as well as the administrator group, for example. You can create your own groups and assign them their own set of core permissions. Core permissions are inherited between groups. A group might be created for two different reasons. One would be to view content on the front end of the website. The other would be to specify what content can be created, edited, deleted, published or unpublished, or managed by that group. By visiting the website, a site visitor is considered a user belonging to the public group. The public group and the registered group may not be deleted, but all other groups may be deleted. (However, I'd recommend you keep them, because they give you a good model of how permissions inheritance works.) Access Level
Access levels refer to who can see what content on the front end of the website. Essentially, this amounts to read permissions on the front end of the website.
Historically, there have been three access levels: public (which anyone can see), registered (you must be logged in to see the content), or special (you must be a logged in author or higher level group to see the content). These access levels are still present in 1.6 as default settings, but you can also create your own access levels. Access levels do not inherit their permissions. If you have an article, and you set it to be viewable by publishers only, even super administrators cannot view that article. You must be assigned to the publisher group in order to view this article. (However, as a super administrator, you are able to edit this article on the back end.)
I Want Different People to See Different Content When They Log In Now that you have a grasp on the terminology of ACL, let's look at implementing a simple system with Joomla 1.6. Before you start clicking buttons, you must start with an ACL strategy for implementing this website. Start by describing the problem you're trying to solve: For the school website I am developing:
The general public can visit that site and see most content. However, there is content behind the scenes for students and teachers. A teacher can see content specifically for teachers, all student content. and the public content. Students can only see student content (not teacher content) and the public content.
Note we talked only about the content that was seen. We did not talk about editing, creating, deleting, or managing content. This points to a reading problem — or an issue with access levels. Next, we have three groups described here: the public, students, and teachers. The Public group already exists, but we'll need to create the students and teachers groups. All these users are doing is logging into the website to see more content, so the only permission we need to assign to this group is the ability to log into the front end of the website. Essentially, teachers and students are registered users. We'll then need to create our content such that teachers see both student and teacher content, while students see only student content. Our approach to this problem will be as follows: 1. Create our groups, called "students" and "teachers". 2. Assign core permissions to our group. In this case, we're assigning the site login core permission. 3. Create our users and assign them to groups. I'll create one called "student" and one called "teacher" for our example, but in the real world, you may have many accounts to create.
4. 5. 6. 7. 8.
Create an access level for students, and another access level for teachers. Create categories for students and teachers, and assign the correct access levels. Create articles for students and teachers, and assign the correct access levels. Create menu items for students and teachers, and assign the correct access levels. Test our logins and see if they work correctly.
1. Create Our Groups
To create a group, log into the back end of the Joomla 1.6 website. Go to the top menu and go to Users - Add New Group. You'll see this screen.
1. For Group Title, enter Teachers Group. 2. For Group Parent, choose Registered. Registered users match the permissions for the teacher group (i.e. ability to log into the front end of the website). Teachers will be a subgroup within registered users. 3. Click the Save & New button, shown on the top right, to save the Teachers group and create a new group. 4. For Group Title, enter Students Group. 5. For Group Parent, choose Registered. This puts the Teachers and Students groups at the same level. 6. Click Save & Close to save our Students group and return to the User Manager: Groups screen. 2. Assign Core Permissions
Since we assigned Registered as the parent for Teachers and for Students, our core permissions inherit from Registered through our groups. The Registered group already has the core permission to log into the front end of the website, so we don't need to add anymore core permissions to these groups. 3. Create Users, Assign to Groups
Now that we have our groups created, we need to create some users to live in these groups. To do this, go to Users - Add New User, and you'll see the following screen:
Name: Enter the user's full name, in this case, Ms. Jones. Login Name: Enter a username for this person: msjones. Password and Confirm Password: Type the same password twice. Email: Enter the user's email address. (If you are not doing this for a real user, use something@example.com.)
Skip the other fields on this page, and scroll down to Assigned Groups. Note that by default, Registered is checked and Public is greyed out. This is to remind you that the Registered group inherits permissions from the Public group. Choose "Teachers" from the list. Note that the Registered option and Public option are now greyed out. That is because Teachers have a parent of Registered, which has a parent of Public. Click "Save & New", then repeat this same process for a Student login. The student's name is David Smith and username is david. Use something2@example.com if you need another email address. Assign David to the Students Group. Choose Save & Close when you're done. 4. Create Access Levels
We have our users, core permissions, and groups all set up, so now it's time to create two Access Levels, one for students, and one for teachers.
Go to Users - Add New Access Level, and you should see this screen:
For the Level Title, enter Teachers Access Level. Then check the boxes next to Teachers Group. This will allow only teachers to see the Teachers Group content. Click Save & New, enter Students Access Level for the Level Title, and check the Students Group and Teachers Group boxes. This means that teachers can see this student content, in addition to students seeing the student content. Click Save & Close to leave this screen. 5. Create Categories
On this website, I have created a category for teachers (under Content - Add New Category):
I also created a category for students. It's set up the same way, except the title is Students Category and the Access is Students Access Level.
6. Create Articles
Next I set up an article for Teachers, in the Teachers category. To create a new article, go to Content - Add New Article.
The fields I completed were:
Title: This Article is for Teachers Category: Teachers Category State: Published Access: Teachers Access Level Article text: enter some dummy text.
Click Save & New, then repeat the process for students:
Title: This Article is for Students Category: Teachers Category State: Published Access: Students Access Level Article text: enter some dummy text.
Click Save & Close when you are done. While I have created only one article for each group, I could create as many articles as I wished.
7. Create Menu Items
Next comes the menu. In the Main Menu (under Menus - Main Menu), we'll add two links, one for teachers and one for students. To create the link, I went to New (upper right corner), chose Category List for the menu item type, and entered the other information as below:
Title: Teachers Information Menu Item Type: click Select, then Category List State: Published Access: Teachers Access Level Choose a Category: Teachers Category
Click Save & New, and repeat the process for students:
Title: Students Information Menu Item Type: click Select, then Category List State: Published Access: Students Access Level Choose a Category: Students Category
Click Save & Close when you're done. (Normally, I would have displayed this as a single article. However, the single article choice wasn't working for me, but category list was -- so we have a category list instead.)
8. Test Our Logins
We've finally configured everything required to have different content for students and teachers on our website. Before testing, disable the cache on the website. (This is due to a bug in Joomla 1.6 beta 6.) To do this, go to Site - Global Configuration, System tab, and set Caching to OFF.
Click "Save & Close" once you've made this change. Now, go to the front end of the website. Enter your login information in the login box. Enter the username and password for the teacher, Ms. Jones. Remember that's msjones as the username and whatever you entered for her password. If you've done everything right, you should see two links in the main menu, one for "Teacher Information" and one for "Student Information". (If you have the sample data installed, you'll need to scroll down to the "This Site" menu to find your links.) Return to the login page to click the Log out button. Now repeat the process as David Smith, the student, with a username of david and the password you gave him. If you've done everything right, you should see one link in the main menu for "Student Information".
Conclusion If you've followed this example all the way through, it probably took you about 15 minutes to complete, perhaps longer if you are new to Joomla 1.6.
Just because you can, doesn't mean you should! ACL can be time consuming for you and for your client, and it might be extremely confusing to use. A few wrong settings and the wrong people can see the wrong information, so be very careful in your testing to make sure this works properly. In my next article on ACL, I'll cover setting up permissions for creating, editing, and deleting content; editing state; logging into the front or back end of the website; managing extensions; and admin permissions.
Access Control Levels This article covers "The Full ACL": who gets to create, edit, delete, change the state, manage, administer, and log into the website. Yes, that's basically any permission except for read! Why would you want to configure this aspect of ACL? You might use The Full ACL in the following situations:
You have users who should be able to create and edit content for the website, but they can't necessarily publish content. What's more, you have two or more groups of these users who need to create and edit content belonging to different areas of the website. You would like a user to be able to edit specific modules, but leave other modules untouched. You would like a user to be able to log into the back end of the website, access controls for a single component, and touch nothing else.
Sound exciting? Yes,the controls that The Full ACL brings us for maintaining our Joomla websites are very exciting. But perhaps you feel a headache starting somewhere? That's completely normal. ACL is NOT straightforward or simple to configure. Use The Full ACL with caution. It's possible to completely lock yourself out of your website if you're not careful. Just because you can doesn't mean you should!
Review As a refresher, let's define our terms for The Full ACL as it pertains to this article:
User
This is the easiest one to understand — that's you, or someone else visiting the website. A user does not have to have an account to be considered a user of the website. That user would still be considered a public user. Individual users may be assigned to one or several groups. You cannot assign core permissions directly to users; these are assigned to the group. Core Permissions
Core permissions are assigned to the group, not to individual users. (If you want specific core permissions for a single user, you would need to create a group for that single user.) Core permissions include:
Site login: the ability to log into the front of the website. Admin login: the ability to log into the back end of the website. Admin: administrative (root) privileges, such as changing Global Configuration, as well as assigning permissions. Manage: ability to change settings on extensions, including templates. Create: ability to create new content. Delete: ability to delete (trash) content. Edit: ability to edit existing content which is not necessarily your own. Edit state: ability to change state between published, unpublished, trash.
Group
A group is a group of users who share the same permissions. Using the Joomla 1.5 groups as an example, the publisher group has the right to log into the front of the website, create new articles, edit any articles on the site, and publish or unpublish articles. Anyone in the publisher group has the same permissions to do these same things. Unlike Joomla 1.5, however, a user may be assigned to multiple groups. A user may be in the publisher group as well as the administrator group, for example. You can create your own groups and assign them their own set of core permissions. Core permissions are inherited between groups. A group might be created for two different reasons. One would be to view content on the front end of the website (covered in a previous article). The other would be to specify what content can be created, edited, deleted, published or unpublished, managed, or administered by that group, which this article covers. By visiting the website, a site visitor is considered a user belonging to the public group. The public group and the registered group may not be deleted, but all other groups may be deleted. (However, I'd recommend you keep all groups, because they give you a good model of how permissions inheritance works.)
The Default Groups
By default, Joomla 1.6 comes configured with the same groups as appear in Joomla 1.5. The groups and their core permissions are as follows (consider singing along to "The 12 Days of Christmas" while reading):
Public: Public can see the content on the front end of the website that is not hidden behind a login. They have no core permissions. Registered: Registered users can log into the front end of the website only. Registered users are children of the Public group. They are assigned the Site Login permission. Author: Authors can create their own content via the Create permission. Authors are children of the Registered group. They inherit the Site Login permission from Registered users. Editor: Editors can edit any content on the site via the Edit permission. Editors are children of the Author group. They also inherit the Create permission from Authors and the Site Login permission from Registered users. Publisher: Publishers may publish, unpublish, or trash content via the Edit State permission. Publishers are children of the Editor group. They also inherit the Edit permission from Editors, the Create permission from Authors, and the Site Login permission from Registered users. Manager: Managers may delete content via the Delete permission and log into the back end of the website via the Admin Login permission. Managers are children of the Public group, so all permissions previously assigned to Registered, Author, Editor, and Publisher groups do not apply to Managers. They must all be reassigned individually. Administrator: Administrators are able to edit and configure extensions (this now includes templates!) via the Manage permission. Administrators are children of the Manager group, so they inherit the Site Login, Create, Edit, Edit State, Delete, and Admin Login permissions from them. Super Users: Super Users (formerly Super Administrators) are able to change Global Configuration as well as other abilities via the Admin permission. Super Users are children of the Administrator group. They inherit the Manage permission from Administrators and the Site Login, Create, Edit, Edit State, Delete, and Admin Login permissions from Managers.
The default groups and their permissions are represented in the Global Configuration (under Site - Global Configuration - Permissions).
Understanding Core Permissions in Global Configuration
Each one of the dropdowns shown here has three options: Allow, Deny, and ... I've shown the Create permission from the Publisher group above, but all dropdowns are the same.
Allow means something is explicitly allowed or permitted for a specific group. Deny means something is explicitly denied or not permitted for a specific group. ... means the permission is not set. If a permission is available from lower level groups (the groups listed above it in the table), it will inherit that permission. If there are no settings to inherit, this permission is denied.
Read across each row to see the permissions set specifically for a given group. For the Public group, there are no core permissions set. As you might expect, Public users are not allowed to log into the front end of the website, among other permissions. They are not explicitly denied from doing this, however — they are denied because there is no permission explicitly set. For the Registered group, the Site Login permission is allowed. Everything else is not set. Registered is a child of Public, so it does not inherit any core permissions. For the Author group, the Create permission is allowed. Author is a child of registered, so it inherits the Site Login permission from Registered. Remember that ... means to inherit from a lower level group (Registered), or deny if there is nothing to inherit. Follow the examples for Editor and Publisher. Editors are allowed to edit plus inherit Create and Site Login from lower groups. Publishers are allowed to Edit State plus inherit Create, Edit, and Site Login from lower groups.
Note the Manager has several permissions assigned: Site Login, Admin Login, Create, Delete, Edit, and Edit State. Note too that Manager is a child of Public. Because Manager inherits no core permissions from Public, it must have those permissions set in this screen. Administrators add the Manage permission, while Super Users add the Admin permission. Special note: Historically, Authors have been able to create content as well as edit their own content (but not all content as with the Edit permission). This is not possible in Joomla 1.6 Beta 6, but it has been flagged as a bug. It seems that the Create permission will also allow editing of the user's own content once it is fixed.
All About Deny You might be tempted to set all of these dropdowns to specifically say Allow or Deny so it's easier to read. However, I would strongly encourage you NOT to do that. If Deny is set in the permissions, even if you set an Allow for a higher level user group, the lower level Deny would be inherited and would override the Allow. For example, if you set the Public group dropdowns to Deny for all, there's no point in having any higher level groups! Everyone would be denied from doing anything on the website forever. That would also mean you're locked out of the website as a Super User. (Locked out of your site? Read below to find out how to get back in.)
I Want Different People To Edit Different Content On My Site For our school site, we'd like to have two teachers, Ms. Jones (who teaches history) and Mr. Smith (who teaches art) to be able to make additions and changes to the website. These teachers should be able to create, edit, delete, and publish content on the website. They should be able to do this from the front end or the back end of the website. However, they should be restricted to completing these tasks for their class only. They should not be able to touch anything elsewhere in the website. For the sake of simplicity, we'll assume that all content is readable by the public on the front end of the website. This does not have to be the case, though. We could set this up such that students in each class are able to read the content, but not the general public. To learn how to do that, see the first article on ACL. Our approach will be as follows: 1. Create our groups, called "History Department Group" and "Art Department Group". They will be children of the Publisher group, which has most of the permissions they require. (Remember that a user must be in a group as permissions are assigned to groups and not to users. Even if you have only one person, they must still be assigned to a group.) 2. Assign core permissions to our group. In this case, we're assigning the Delete permission, which the Publisher group does not have.
3. Create our users and assign them to groups. I'll create a user called "Ms. Jones", who is in the History Department Group, and another called "Mr. Smith", who is in the Art Department Group. 4. Create a category and assign permissions for Ms. Jones called "History Category" and a category for Mr. Smith called "Art Category". 5. Create articles for the History Category and Art Category. 6. Create a category list layout for the History Category and another for the Art Category. These will be visible by the public on the front end of the website, but only editable by the users in the History Department Group and the Art Department Group. 7. Test our logins and see if they work correctly. 1. Create Our Groups
Go to Users - Add New Group. Enter History Department Group as the Group Title. Choose Publisher as Group Parent. Click Save & New. Enter Art Department Group as the Group Title. Choose Publisher as the Group Parent. Click Save & Close. You now have two new groups.
2. Assign core permissions to our groups.
In this case, we're assigning the Delete and Admin Login permissions, which the Publisher group does not have.
Go to Site - Global Configuration - Permissions Set the Delete permissions for the Art Department Group and History Department Group to Allow. Remember that they will inherit Create, Edit, Edit State, and Site Login permissions from the Publisher group and its parents. Click Save & Close.
3. Create our users and assign them to groups.
I'll create a user called "Ms. Jones" and another called "Mr. Smith" for our example.
Go to Users - Add New User Enter Ms. Jones' name, login name, and email, and assign her to the History Department Group. Click Save & New, and repeat this process for Mr. Smith, assigning him to the Art Department Group. Click Save & Close.
4. Create a category and set permissions
We'll create two categories, one for the History Department Group called "History Category" and a category for the Art Department Group called "Art Category".
Go to Content - Category Manager Click New Enter the category information as follows: o Title: History Category o Parent: No Parent o State: Published Click Save & New, and repeat: o Title: Art Category o Parent: No Parent o State: Published Click Save & Close.
Next, under Category Access Rules on the right side of the screen, check the summary of options.
This is a summary of the create, delete, edit, and edit state permissions for this specific category (in this case, History). Note that the Art Department Group and History Department Group have the same permissions as the Publisher group, except for Delete, which was added to these groups in step 2, in the Global Configuration. Now, we'd like to set this so that the History Department Group is able to create, delete, edit, and edit state for the History Category, but the Art Department Group is denied from doing any of these actions. Clicking through the tabs on top, the screens are set up in the following way: Create:
Delete:
Edit:
Edit State:
Final Summary:
To draw some conclusions from this:
Art Department Group may not change anything in the History Category. History Department Group has full control: create, edit, delete, edit state A standard Publisher is also able to create, edit, and edit state in the History category. If you wanted to exclude Publishers from create, edit, and edit state, you should create the History Department Group as a child of Public, rather than a child of Publisher. This could give them the ability to be the only group who could create, edit, edit state, and delete content within the History Category.
Repeat the same process with the Art Department Group and the Art Category. The end result should be this:
Note that for every other category on this website, the Art Deparment Group and the History Department Group should not be able to make any changes to the content. That means for any remaining categories on the website, you'll need to configure them like this:
When ACL is working correctly (which it is not yet in Joomla 1.6 beta 6), the permissions on the category should cascade to the article. By setting permissions at the category level, the users creating articles do not need to set permissions for each individual article. That's pretty important to your maintenance plan, because understanding how to set the permissions correctly can be difficult! 5. Create articles for the History Category and the Art Category.
We'll create two articles for each category as an example, but you may create more if you wish. Be sure to set the category for each article correctly (to either the History Category or the Art Category) and make sure the articles are published. 6. Create menu items for the History Category and the Art Category.
All articles will be visible by the public on the front end of the website, but they only editable by the History Deparment Group and the Art Department Group. (If you want to make them visible to select audiences, this is where access control levels come in. They were covered in a previous article.) I am creating two category list layouts, one for the History Category and one for the Art Category. 7. Test our logins
I've logged into the site as Ms Jones. I've gone to an art article, page, but I have no edit icon:
But if I go to a history article, I can edit that.
Be aware that in setting up this example, you may encounter two bugs along the way. 
No matter how you're logged in, you can create a new article in any category you choose. They all show up in the category dropdown menu. However, once you've created the article, you won't be able to edit it. EXAMPLE: Log in as Ms. Jones, create an article for the Art Department Category. Save, publish — it shows up in the category list layout. However, you will not be able to edit the article.
In editing an article in Firefox 3.6.8 on PC, I was unable to click the Save button and have it work. Save worked for creating an article but not editing it.
I'm Locked Out Of My Site It's possible to lock anyout out of the back end of the website — including Super Users with Admin permissions — by setting the Site Admin permission to Deny. That could happen specifically at the Super User group or at the Manager or Administrator group level. If Manager or Administrator is set to Deny, the Super User would inherit Deny from these groups, even if the Super User group is set to Allow. Fortunately, there is a "back door" that will let you log into your website again. You must have access to the files on the web server in order to make the back door work. You can either use FTP to access the files, or you can go through your site's control panel to a file manager and edit the files on the server. However you access your files, you'll need to edit the configuration.php file, located in the root of your website. You will need to know the Super User username or their ID. Let's assume that the Super User username is johnsmith for this example. (For security reasons, it's strongly recommended that you use something other than admin as a username for your Joomla site.) Add this line of code to the bottom of configuration.php: public $root_user="johnsmith"; If you would prefer, you could also use the ID of the user (although it's less likely you'd know this without looking up the number in the database): public $root_user="42";