user level

  • Sometimes the Joomla site owners get a bit paranoic after a time, due to lot of hype about site security. Basically is nothing wrong with, a good site security is based on keeping your accounts secure. But what about when you are hired to do something in a Joomla site and you got ALL access (including FTP and database access) but you discover, that the Joomla account you received is only an Administrator. You can do a lot as an Administrator - but often not enough! Don't tell me, that this never happened to you - unless you are a Joomla rookie. What you can do?

  • What? A shopping cart with users which can't actually shop?

    Weird or not, that was a recent request from one of my customers. He wanted to have a quick way to prevent some of his users from putting products in cart, but leave all other site functionality intact.

  • After struggling for years to set up menu items shown only for guest visitors in various Joomla/Mambo versions prior Joomla 1.7, was a real relief to have an easy and foolproof way to do it. No hacks needed, no scripts to add, no configuration trickery... you simply selected from the Access Level dialog the Guest access group for anything qualifying for this settings (modules for example, but not only..) and you where set! And if you upgraded your site from Joomla 1.7 to Joomla 2.5 the feature where still there. Recently I had a big surprise, I needed the feature in a brand new Joomla 2.5 site... and don't found it!!

  • In various blog posts, security bulletins, etc. you can read, that you need get rid of the default "admin" user with Super Administrator privileges (and with the default UserID of 62 or 42 - depending on Joomla version) to prebent hackers using the well known username and user ID to start dictionary attacks or carry out successful SQL injection attacks against your site, but how? If you go to Joomla user manager, and want to simply delete it, you can't. More, you can't even disable it! WTF...
    Hey, it's not that complicated!
    Let me show you how can you do it in a simple - and fool-proof way!

  • One of the problems many users are facing when start they Joomla based site is, that the user information Joomla collects during registration is scarce - username and password often is not quite enough for their purposes. And the first reaction usually is to install a community solution, like Community Builder, JoomSocial or other, fancy user management tool - a sledgehammer to crack a nut.

  • The Frontend is a collective term to name the areas of the website as visitors or registered users see it. A registered user normally works only in the frontend. It is like in a store, where the goods are displayed in shop windows and on shelves. Here you can have a look around.

    So, in nutshell: it's everything an unregistered user (Guest) and all other registered users, withouth administrative user rights (the members of main Registered group and it's subgroups) can see.

  • Sometimes, if more people work on the site, you can get locked out of a certain module or article because the site thinks someone else is still editing that item. When opened, each Joomla item is checked out, this way Joomla protects each editable item from being edited by two separate users at the same itme, and this way avoiding potential confusion and other obvious problems.

  • Beginning with Joomla 1.6 it's possible to lock anyone out of the back end of the website — including Super Users with Admin permissions — by setting the Site Admin permission to Deny. And this is something you can do accidentally against yourself by playing with the permissions without knowing how exactly these settings are working. That can have unpleasant side effects especially at the Super User group or at the Manager or Administrator group level. If Manager or Administrator is set to Deny, the Super User would inherit Deny from these groups, even if the Super User group is set to Allow.

  • We all know that Joomla is all about collaboration. And anyone who had set up at least one instance of Joomla knows, that there are multiple levels of access in Joomla, among them one called Author who is supposedly able to submit an article to a Joomla site from the frontend.

  • Despite claims to the contrary Joomla 1.5 does have an ACL system. It may be rudimentary but when fully understood can be very useful.

  • ACL stands for access control levels. It refers to who has permission to do what on the website, including read, create, edit, delete, or log in, among other permissions.

    Many think of ACL as relating to the front end of a website only. For example, when I log into the website, what articles do I have available to me? And if someone else logs into the site, do they see the same articles, or do they see different ones?

  • By default, across all Joomla versions from Joomla 1.0, through Joomla 1.5, Joomla 1.6 to the Joomla 1.7 the basic structure of default user groups is unchanged. The users are generally sorted in 3 main categories, the unregistered/not logged in users, the registered users with frontend only access and the backend users. The exact naming of these main groups are varying across the different Joomla versions, but the default end level groups are the same. The groups and their core permissions are as follows:

  • A client of mine asked this question: "How can I allow registered users to log in and see the site even in offline mode, without giving them Super user privileges?"

  • You just upgraded your Joomla site to latest Joomla 2.5 or 3.* and your regular, registered users cannot login to the frontend, seeing this error:

    "You cannot access the private section of this site"

  • It's annoying... your own Joomla site don't let you log in in the backend, and you see the above error message... What's happened?

    Humm, there are couple of things you can do. Contrary of the lots of "smart" blog entries on the subject out there (last search revealed about 2 million hits) in most of the cases, regardless to Joomla version the cause is simple: