Just because you can…
I have been saying this an awful lot these days. Just because you can, doesn’t mean you should.
By default, Joomla 1.6’s ACL is configured to be very close to Joomla 1.5’s ACL. There are 8 user groups, which have the permissions you’ve come to expect with Joomla 1.5, with a few minor variations. (For example, Administrators can now edit templates by default, something they could not do in Joomla 1.5.)
ACL can get very complicated very quickly, particularly if you go beyond the “who sees what” aspect of ACL.
Be sure to ask yourself if ACL is really, really required for this website. For many small businesses and non-profits, only one or two people are editing the website anyway. Can you trust that users will edit only what they are authorized to edit? Typically, in a small work environment, this “honor system” works just fine.
If the implementation is hard to explain, it’s a bad idea.
Comparing Joomla 1.5 and Joomla 1.6 ACL
|Joomla 1.5||Joomla 1.6|
7 user groups, which cannot be expanded:
8 default user groups, which can be expanded:
Public user group cannot be deleted, but all other groups can be deleted.
|Groups inherit permissions from their parent.||Groups inherit permissions from their parent. However, you can assign any permissions to any group.|
|Read permission is treated as a separate system, called access levels||Read permission is treated as a separate system, called access levels. Access level permissions are not inherited between levels.|
Three access levels, which cannot be expanded:
Three access levels by default, which can be expanded or removed provided no content is assigned to them:
I’ll be covering more about Joomla 1.6’s ACL system in coming posts.