Introduction to Joomla Access Control Lists

Joomla is a popular open-source content management system used on millions of different websites. It has hundreds of great features built into its core system, and many more that can be installed using a convenient plugin system. Webmasters who use Joomla need to become familiar with the various features so that they can build the best website possible. One of the most powerful features (which is often overlooked or underused by site owners) is the access control list (ACL) system. Access control lists give the site owner the ability to decide who can do what on the site. Learning about this great feature is essential for anyone using, or considering, Joomla as their CMS.

What is the Joomla ACL?

Joomla’s ACLs allow an administrator of a website to create and control various different roles. Users of the site, as well as visitors, can then be assigned to specific roles according to their responsibilities or activities. The ACLs are broken up into two separate sections. The first is the user viewing access levels, which are for visitors to the site. The second is the user action permissions, which are for administrators, content contributors, moderators, and others who will need to perform actions on the site itself.

User Viewing ACL

The user viewing ACL will allow you to set up groups with different permissions based on a variety of factors. The most common way to use this system is to have one group that is for users who are visiting the site as a guest, and another group for those who have registered with the site. It is also possible to create child groups under each parent group to further control who has access to what. For example, a popular type of child group would be for users who have not only registered for the site, but also made a purchase. These users may need access to pages such as a return policy, a dedicated customer service area, or a billing page.

When creating any parent group, it is important to remember that all the child groups under it will inherit the same permissions. So the highest-level parent group should be given the most restrictive permissions, with additional permissions added in child groups as they are needed.
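The inheritance rule above, as an added example that is not part of the original article or of Joomla's own code: a simplified Python model of group inheritance based on the Inherited / Allowed / Denied settings of Joomla's permission screen, in which a Denied setting anywhere in a group's lineage overrides any Allowed. The group tree, the NEEDS table and the billing.view action are constructed for illustration.

```python
# Simplified model of group permission inheritance (not Joomla's code).
# Group tree, rules and needs are constructed sample data.
PARENTS = {"Public": None, "Guest": "Public", "Registered": "Public",
           "Customer": "Registered", "Author": "Registered"}

# Explicit settings only; a missing entry means "Inherited".
RULES = {
    "Guest": {"core.login.site": "deny"},
    "Registered": {"core.login.site": "allow"},
    "Customer": {"billing.view": "allow"},  # hypothetical action name
    "Author": {"core.create": "allow", "core.edit.own": "allow"},
}

# What each group is supposed to be able to do (the least-privilege target).
NEEDS = {
    "Registered": {"core.login.site"},
    "Customer": {"core.login.site", "billing.view"},
    "Author": {"core.login.site", "core.create", "core.edit.own"},
}


def lineage(group):
    """Return the path from the root group down to `group`."""
    path = []
    while group is not None:
        path.append(group)
        group = PARENTS[group]
    return path[::-1]


def effective(group, action, rules=RULES):
    """Implicit deny by default; an explicit allow is inherited by all
    descendants; an explicit deny anywhere in the lineage wins."""
    settings = [rules.get(g, {}).get(action) for g in lineage(group)]
    return "deny" not in settings and "allow" in settings


def audit(needs, rules=RULES):
    """List (group, action) pairs that are effectively allowed but not
    needed, i.e. excess privilege picked up through inheritance."""
    actions = sorted({a for r in rules.values() for a in r})
    return [(g, a) for g in PARENTS for a in actions
            if effective(g, a, rules) and a not in needs.get(g, set())]
```

Calling audit(NEEDS) on the rules above returns an empty list, while audit(NEEDS, dict(RULES, Public={"core.create": "allow"})) reports Public, Guest, Registered and Customer: a single allow on the top-level group reaches every descendant.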

User Action ACL

The action permission system works in much the same way as the viewing ACL system. The difference is only in regard to what type of permissions will be granted. The permission options for actions are broken up into several levels, which include global configuration level, component level, and article level. These apply as follows:

  • Global Configuration Level – This level grants every user who has any type of action permissions the basic controls they need. This includes things like allowing the user to log in to the site, log in to the administrator page, access the site while it is offline, and more.
  • Component Level – At the component level, users can be assigned permissions to edit specific components of the site. This could include banners, contacts, languages, plugins, and more.
  • Article Level – This is the level where users are given permissions to create, edit, and publish articles on the site. It can also be used to provide access only to specific articles, or to articles that this user published.

An example of how the permission settings look in Joomla can be seen in the image below. This image shows some of the options available for global configuration:

[Image: Permissions setting in Joomla]

This ACL system lets the administrator give moderators, writers, and others access to the portions of the site that they need, while still restricting them from areas that they shouldn’t control. Setting up access control lists properly from the beginning will make the management of a Joomla site easier in the future. There will be no need to adjust permissions on a case-by-case basis, and users will only have access to what they really need.

Joomla ACL Addons

The access control list system included with core Joomla is powerful and will allow an administrator to precisely grant and restrict just about any permissions they desire. While this will be more than sufficient for most site owners, there are additional options available through Joomla addons. These third-party addons provide additional functionality or adjust the user interface for ACLs, which some people may like. Whether addons are used or not, the Joomla access control lists are an essential part of running any site.