The 5 steps to securing Joomla content
Last week I discussed the three ways to get users into the Joomla database. These users can then be allocated certain permissions, such as who can view content and who can manage content. It's helpful to think of these two tasks as "viewing" and "doing". This post explains the 5 basic steps to restrict who can view content on your Joomla site. In summary, these steps are:
- Create users
- Create groups
- Assign users to one or more groups
- Create access viewing levels
- Set the access feature within articles, categories, menus or modules
Depending on whether you're building a new site or adding ACL functionality to an existing site, it might make sense to create groups first and then users. In that case you only need three steps: you create the groups, and then allocate each user to a group at the same time as you create the user. But in this case I'm going to assume you already have some users in your system. If not, review last week's post, as that covers three ways to create users. That's step 1 complete.
Step 2 is to create groups. This is done in Administrator at Users - Groups. Joomla is installed with certain groups, and in many cases the defaults are adequate. For example, if you just need a single level of protection, stick with the default Registered group. This allows you to assign all your sensitive content into one group. All users who need access to view this content would then be allocated to this Registered group.
However, the Joomla ACL is far more powerful, and if you need to, you can create multiple groups. For example, if you manage a school website, you might have one set of articles that should only be accessible by teachers and another set of articles that are accessible by both teachers and students. In this case, you would need two groups: teachers and students.
Once all the necessary groups are in place, you're ready for step 3. Edit every user record and use the Assigned User Groups checkboxes to allocate each user to one or more groups. If your site is new, or if you only have a small number of users, this is relatively painless. But if you have a large number of users, this process could take hours. Fortunately Joomla comes to the rescue with its batch process feature. Use the check box next to each applicable user and then choose the appropriate group from the batch process drop-down menu. Select Add to Group and click the Process button. The users you selected will then be added to the group. You can repeat this process if you need to add users to multiple groups.
Step 4 is to create viewing levels. There is a good chance that all you need to do is create levels to match the groups. Once again, if you just need one level, stick with the existing Registered level. Or if you have two groups, create two matching access viewing levels. This is found at Users - Access Levels. Creating a new level is easy: click New, give it a title and select the group or groups that should be included in this level.
And finally step 5 is to decide what content you need to restrict. This can be done at the article, category, menu level or with modules. Let's say you wish to hide all articles in a particular category. Go to Content - Category Manager and edit the category. Change access from Public to the newly created access level.
All articles in that category will now only be visible if a user belongs to a group that belongs to that access level. This might seem like a complicated method, but the Joomla ACL is flexible enough to accommodate all sorts of scenarios.
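The chain from user to group to access level to category can be checked on paper before you trust it on a live site. The following is an added example, not Joomla's own code: a small Python model of the school scenario with constructed ids and names. It goes one step beyond the text by following parent groups, because Joomla groups are nested and a child group inherits the viewing rights of its parents.

```python
# Constructed sample data for the school example; ids and names are hypothetical.
GROUPS = {  # group id -> (title, parent id); Public is the root of the tree
    1: ("Public", None),
    2: ("Registered", 1),
    10: ("Teachers", 2),
    11: ("Students", 2),
}
USER_GROUPS = {"alice": {10}, "bob": {11}, "carol": {2}}  # step 3 assignments
LEVELS = {  # access level id -> (title, group ids included in the level), step 4
    1: ("Public", {1}),
    2: ("Registered", {2}),
    20: ("Teachers only", {10}),
    21: ("School", {10, 11}),
}
# Step 5: category -> access level id ("Exam answers" was left at Public by mistake)
CATEGORIES = {"Staff memos": 20, "Homework": 21, "Exam answers": 1}


def effective_groups(user):
    """Assigned groups plus every ancestor group (children inherit from parents)."""
    seen = set()
    for gid in USER_GROUPS.get(user, ()):
        while gid is not None and gid not in seen:
            seen.add(gid)
            gid = GROUPS[gid][1]
    return seen


def authorised_levels(user):
    """Access levels that contain at least one of the user's effective groups."""
    groups = effective_groups(user)
    return {lid for lid, (_, members) in LEVELS.items() if members & groups}


def can_view(user, category):
    return CATEGORIES[category] in authorised_levels(user)


def viewers(category):
    return sorted(u for u in USER_GROUPS if can_view(u, category))


def still_public(sensitive):
    """Sensitive categories whose access was never changed from Public."""
    return sorted(c for c in sensitive if CATEGORIES[c] == 1)


if __name__ == "__main__":
    for cat in CATEGORIES:
        print(cat, "->", viewers(cat))
    print("left Public:", still_public(["Staff memos", "Exam answers"]))
```

Because the groups are nested, creating Students as a child of Teachers instead of as a sibling would give every student the Teachers only level as well.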
This process and much more is demonstrated in the revamped version of our Joomla Users series which is part of our Joomla Pro course. This is in production right now and will be available soon.
Next week I will explain the steps to restricting who can create and edit content.