One of the biggest challenges in using Joomla as a business website is the lack of sufficiently granular permissons. Granular permissions? That's geek-speak for the ability to set who can access what on the website.
Please Pass the Granulated Permissions
To date, Joomla 1.0 and 1.5 have only had the most rudimentary system for setting user's permissions:
As you can see, these broadly-defined permission levels harken back to the days when Joomla was primarily for news portal websites. Those permission levels names wouldn't be so bad if we could actually define specific content, component, and asset access rights to each permission level, but alas, they are hard-coded. Worse yet, the only real way to determine the specific access rights of each level is to assign the level to your own account and see what you can and cannot change.
Nowadays, lots of people use Joomla for their business websites and business owners want to control who gets to see what on their websites. The idea of content simply being published or not published doesn't cut it anymore.
Enter Joomla 1.6 with advanced ACL permissions. ACL stands for Access Control List, but it is often referred to simply as the access control system. Sunday October 25th saw the release of Joomla v1.6 Alpha 2 and I've had a chance to play with the new ACL system and I'm liking what I'm seeing.
The ACL as seen from the main menu
(click to zoom)
First off, the new ACL is comprehensive in that you, as the super admin, will be able to contol not only who gets to see what content on the site, but also who can access specific components in the back end of the site. In other words, not only will you give user groups specific permissions to use content, but also to use specific site features. For example, you can give a user group permission to edit the banner component, but not edit the site menus. Nice!
The Menu Manager component can be given specific access permissions.
(click to zoom)
Users and Groups
As with all ACL systems, permissions can be set at the individual user level, but only so far as assigning each user to a user group. This approach is identical to the old system where users were assigned to static, pre-defined groups such as "publisher" or "editor", but unlike Joomla v1.0 and v1.5, now you can create and define new groups on-the-fly.
Individual site user's permissons detail page where you assign the user to a group or groups.
(click to zoom)
The Groups menu
You setup groups as needed when you want to create a set of pre-defined permissions. Up until now, groups in Joomla have been named based on what tasks that group would performing as they interacted with web site. For example, authors created articles and editors edited articles and publisher published articles. Now, however, as you can see by the above image, we have a group named "Park Rangers". This is a name based more on that group's site content needs rather than on the group's site activities. This opens up a lot of possibilities for using groups in a business website context rather than what we found in the traditional news portal context.
For example, you could have a group called "Preferred Clients". Members of this group might be able to see special content, or take advantage of special reduced pricing when e-commerce component developers start developing their offerings to tie into Joomla's new ACL system.
Group detail page. Note: I am still unsure how "Actions Permitted" works.
Content Permissions
Joomla 1.6 does away with content "sections" and now all article content is simply grouped under categories. Both the categories and the individual article items can have specific permissions applied. This will be a boon to business websites that want to create client-specific content, such as agreements, instructions, or even billing data.
Individual article access details
(click to zoom)
Categories allow for explicit create, delete, and edit permissions for each group.
Access Levels
Warning: The following is pure speculation!
The access levels seems---and I'm just guessing here---to allow you to take two or more group permissions and group them under one name. This group of groups, if you will, can then be assigned to a module. Lemme 'splain.
Say you want three of your groups, Managers, Administrators, and Super Users, to have access to a menu module called "Resources". Each group has specific permissions that give them exclusive access to different content and components on the site, but now you want them all to be able to see the links in this Resources menu. To do this, you assign all three groups to, say, the "Special" access group. Later, when you create your new menu module, you only have to select the "Special" access group and not tick-off countless groups. Here are some images that I hope make this clearer:
Here's the Access Level menu that shows access levels called "Public," "Registered," "Special," "Confidential".
The Access Levels menu
Inside the Special access level detail page. This is where we assign our groups.
When we create our Resources menu, we only have to assign the "Special" access level
to enable the Managers, Administrators, and Super Users groups to see it.
Verdict
I haven't been able to do any exhaustive testing of the ACL to date, but suffice it to say it appears on first blush to be intuitive and easy-to-use. And that, my friends, is one of the great challenges in ACL design: blending power with ease of use. Typo 3 is a CMS that has an extremely powerful and highly granular permissions system, but it's a bugger to use. Same goes for the phpBB v3 forum system which has one of the most ridiculously convoluted permission systems I've ever seen ... and it didn't have to be that way!
So kudos to the Joomla devs on what they've accomplished ... and considering what it started out as with weird rule types and such, I think they've done a fantastic job so far.
