Tutorials, reviews, case studies and other tips to help website owners and website developers master the Joomla content management system.
First steps with the Joomla ACL
The Joomla Access Control List (ACL) feature in versions 1.0 and 1.5 was very simple. Many developers found the system to be adequate, but far more did not and several third party ACL extensions were developed. The introduction of version 1.6 saw a massive change in the way ACL works. Although this feature is now well over a year old, we haven't discussed it much. Many of you are beginners and may see no need to use it. So let's start by talking about the advantages of using the ACL.
Broadly speaking, the ACL lets you create rules (permissions) on who can "view" and who can "do". Viewing permissions are useful for both the frontend and backend (Administrator). Certain frontend content items can be hidden from the public so only a select group of users can view those items, after they login. The same applies to Administrator. Instead of sharing a single account to access Administrator, it's best to provide each user with their own login, so you can easily delete an account if someone leaves your organisation. The doing permissions relate to what a user can do with content. You can create rules specifying who can write content, edit it, publish it and more. For example you might allow anyone to write an article, but items are not published to the site until reviewed by someone with a higher set of rules - an editor.
Creating permissions is a subject I'll tackle on another occasion. The first thing to understand about ACL is how to get users into your database. There are three main methods; manual data entry in Administrator, self-registration from the frontend or with an extension.
Adding users from Administrator is easy. Go to Users - User Manager - Add New User. Enter a name, username, password and email. Assign the user to one or more Groups and Save. If you have a lot of users to enter, this is a long and boring process.
Depending on your needs, it might be appropriate to allow your site visitors to register themselves as a user. The Joomla registration routine allows people to register on the frontend and when their registration is approved, they are added to a group you specify (this is usually the "Registered" group). Approval can be automatic, or the user needs to confirm a link in an email or the record can be set as pending until approved by an Administrator.
The third option is to use a free extension called Userport.
What it lacks in appearance and usability is outweighed by its functionality. As long as you feed it data in the correct format, it works. You would presumably use this option in conjunction with an existing database. So the first step is to export your existing user list from whatever software you're using. Then import this into a spreadsheet, if it isn't already, and format it to be Joomla friendly. And that's the part you may find challenging, depending on your level of understanding of spreadsheets. For example, your users' names might be in two fields; first name and last name. But these need to be a single field in Joomla. Also, each user needs a unique username, so how do you generate that field? Our upcoming Joomla Users tutorials demonstrate how to overcome these challenges, so you can take advantage of this extension and avoid the hassle of manual data entry.
Now you understand the three possible ways of getting users into the database, you can plan what they can and can't view or do on your website. And that's the topic for next time.
If you have any questions or comments about this aspect of the Joomla ACL, please write below.