Access Keys:
Skip to content (Access Key - 0)
Home (Access Key - 1)
All spaces... (Access Key - 3)
Log in (Access Key - 5)
Sign up (Access Key - 6)
Administration

Mambo Manual is part of the documentation project for the Mambo open source content management system
Toggle Sidebar

User Group Access Levels

Explanation of Mambo user group access levels.

Foreword

I've never been able to locate a "Plain Talk" version of how Mambo's access groups work, so I thought I'd attempt to create one myself. I created this in the process of doing training documentation for a client. I hope this helps out those of you who have had a hard time finding resources to explain the concept, and I'd appreciate comments and corrections. Note: I am NOT a core developer, just a developer who wants to give something back to the community.

Audience

This document is targeted at new users who have successfully completed a Mambo install and have accessed the Administration Backend, and upon creating their first, users wondered what the heck those Group levels mean!

Mambo controls access to certain areas and features of a site through use of a basic ACL, or Access Control Level mechanism called Groups. Certain groups have certain access level features and they are directly related to the creation, editing and publishing of content (through the Frontend and Backend interfaces) as well as to access to the Administrative (Backend) interface.

Each group has different levels of access control and once a user is made a member of that group, they inherit those rights. Note that the 'Public Frontend' and 'Public Backend' groups are merely placeholders at this point in time. They are not valid group selections at this time, but in the future, they will define the default access levels for anonymous users in the Frontend and Backend systems. The Mambo ACL is currently undergoing further development to allow greater control over aspects and access to the site.

Frontend User Groups

There are four (4) Frontend groups available:

Registered

  • This group allows the user to login to the Frontend interface. Registered users can't contribute content, but this may allow them access to other areas, like a forum or download section if your site has one.

Author

  • This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content. When content is submitted by an Author level user, they receive the message, "Thanks for your submission. Your submission will now be reviewed before being posted to the site." They can edit only their own articles but only when that article has been published and is visible.

Editor

  • This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published. If your site uses the default installation's menu option "News", which is a Table List - Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list. Still, Editor users cannot, publish or change the publishing status of any articles, even their own.

Publisher

  • This group allows a user to post, edit and publish any (not just their own) content item from the Frontend. Publishers can review all articles, edit and change publishing options but they can also determine when an article is ready for publication, making it visible to Registered, Author and the Unregistered Public (depending on what visibility was chosen in the article, of course!)

Administration User Groups

There are three (3) Administration section groups that allow access to Mambo:

Manager

  • This group allows access to content creation and other system information from the Backend. Think of Manager users as Publishers, with Backend access. They can log in through the Administrator interface, but their rights and access are generally restricted to content management. They can create or edit any content, access to some Backend only features like adding, deleting and editing Sections and Categories, editing the Front Page and Menus, but they don't have any access to the "Mechanics" of Mambo, like user management or the ability to install components or modules. Note that if a Manager logs in through the Frontend interface, they're treated just like a Publisher, with the same rights and access.

Administrator

  • This group allows access to most administration functions. An Administrator user has all the privileges on the back end of a Manager, but they also have access to set options on, and install/delete components, modules and bots, User Manager access and can view the site statistics. What they cannot do however is change, edit or install Site Templates or make any changes to the sites Global configuration options. On login through the Frontend, they are treated as Publishers, just like the Manager users. Interesting to note; when an Administrator accesses the User Manager list, they will see all users at their access level or below; in other words they can modify any user EXCEPT a Super Administrator - in fact, they will not even see Super Administrator accounts in the list! Also, they cannot create additional Super Administrator level accounts, only a Super Administrator can do that.

Super Administrator

  • This group allows access to all administration functions. Only another Super Administrator can create or edit a Super Administrator user account. Full access to ALL AREAS is given to Super Administrators, and once created they cannot be deleted - EVEN BY ANOTHER SUPER ADMINISTRATOR! (Users with access directly to the MySQL database may be able to manually delete these users, but it is not for the timid and can result in a full lockout!)

Because of this, give a bit of thought to who you need to grant this highest level of access to. Super Administrators, while they cannot delete another SA can block the user from logging in or change the password on another SA account. Like the other Backend user accounts, SA's are treated as Publishers when they login through the Frontend interface.

Summation:

As mentioned previously, the Mambo ACL is currently in further development as of the writing of this document and will provide new features and greater control. However these enhancements won't be seen until Mambo 5, currently expected sometime in 2007, so the previous overview will be what most users and administrators will see for the foreseeable future.

Components have recently been made available to extend the Mambo ACL, including JBAM by konlong (http://jbam.joomlasolutions.com/) which seems to be the most complete and popular, but due diligence should be exercised with ANY ACL extension - not only in how it affects currently available add ons for Mambo, but also how it may affect any new core versions that will be released in the future. This is not an endorsement of any specific project or an indictment; merely a bit of advice to use common sense. There are other posts in the forum that deal with ACL extensions, and it would be a good idea to read them and ask questions before embarking on any changes.

Hope this helps new users to understand the ACL schema in Mambo. If it did, please refer others to it - if not, please help out, make suggestions, GET INVOLVED! Also, if you speak another language besides English please consider posting a version of this in your native tongue to help others out as well.

Written by Robert Anthony Pitera

http://www.westofeast.com/ Published with permission.

Toggle Sidebar
Space Navigation
Added by Chiel Huijskes on 30 Dec, 2007 20:53, last edited by Lynne Pope on 18 Sep, 2008 05:10

Adaptavist Theme Builder Powered by Atlassian Confluence
Free theme builder license