MODX Security: Access Control Lists
Posted by Mike Nuttall
This article is for when you have designed your site, it's looking nice, all the pages are in place, and you now need to give your client access to edit only the appropriate pages. I don't explain how ACLs work here; I just give the steps. The best explanation I have found is on Bob Ray's Revolution Permission pages.
1) Create your client User(s) in Security => Manage Users
2) Create two Resource Groups, for example AllDocs and EditorPages, in Security => Resource Groups.
Tick: Automatically Give Administrator Group Access
Tick: Automatically Give Anonymous Access
Put all your documents in AllDocs and the documents you want your client to be able to edit in EditorPages. (You drag them from the right-hand side of the page to your new groups.)
3) Create a User Group called Editors in Security => Access Controls => New User Group (button)
You can add your user(s) in the Users field.
You can add EditorPages in the Resource Groups field
You can choose the ContentEditor policy
4) Create a new Role called Editor (with Authority of 15) in Security => Access Controls => Roles (tab)
5) Add your User to the Editors group (if you haven't already). Security => Access Controls => User Groups (tab). Right-click on the Editors group and choose Update User Group, then go to the Users (tab). Add with the role of Editor.
6) Create your Access Policies. You do this at Security => Access Controls => Access Policies (tab). Right-click the Administrator policy, duplicate it and call the copy EditorAdmin, then duplicate the Resource policy and call the copy EditorResource.
7) Now to connect your User Groups to Resource Groups and Contexts. First Administrators: Go to Security => Access Controls => User Groups (tab). Right-click on the Administrators group and choose Update User Group, then go to the Users (tab) and check your users are in there. Then add Context Access and Resource Groups Access tabs so that they look like this:
For the Context Access tab:
For the Resource Group Access tab:
8) Next Editors: Go to Security => Access Controls => User Groups (tab). Right-click on the Editors group and choose Update User Group, then go to the Users (tab). Add Contexts and Resource Groups so that they look like this:
For the Context Access tab:
For the Resource Group Access tab:
So now your client user should only have access to the documents in the EditorPages Resource Group.
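One way to check the result of steps 3 to 8 without clicking through the manager is to list what has actually been granted to the client user. This is an added example, not part of the original article: it is a read-only command-line script that assumes the MODX Revolution 2.x API, and the path to config.core.php and the username `client` are placeholders.

```php
<?php
// Added example: read-only listing of one user's group, role and ACL entries.
// Assumes MODX Revolution 2.x; the path and the username are placeholders.
require_once '/path/to/site/config.core.php';            // defines MODX_CORE_PATH
require_once MODX_CORE_PATH . 'model/modx/modx.class.php';

$modx = new modX();
$modx->initialize('mgr');

$username = 'client';                                     // placeholder username
$user = $modx->getObject('modUser', array('username' => $username));
if (!$user) {
    exit("No such user: {$username}\n");
}

// Each membership row links the user to a user group with a role (steps 3 to 5).
$memberships = $modx->getCollection('modUserGroupMember', array('member' => $user->get('id')));
foreach ($memberships as $membership) {
    $group = $modx->getObject('modUserGroup', (int) $membership->get('user_group'));
    if (!$group) {
        continue;
    }
    $roleId = (int) $membership->get('role');
    $role = $roleId ? $modx->getObject('modUserGroupRole', $roleId) : null;
    printf("Group: %s  Role: %s (authority %s)\n", $group->get('name'),
        $role ? $role->get('name') : 'none', $role ? $role->get('authority') : '-');

    // The two ACL tabs edited in steps 7 and 8: Context Access, Resource Group Access.
    $aclClasses = array('modAccessContext' => null, 'modAccessResourceGroup' => 'modResourceGroup');
    foreach ($aclClasses as $aclClass => $targetClass) {
        $acls = $modx->getCollection($aclClass, array(
            'principal_class' => 'modUserGroup',
            'principal' => $group->get('id'),
        ));
        foreach ($acls as $acl) {
            $target = $acl->get('target');               // context key or resource group id
            if ($targetClass && ($obj = $modx->getObject($targetClass, (int) $target))) {
                $target = $obj->get('name');
            }
            $policy = $modx->getObject('modAccessPolicy', (int) $acl->get('policy'));
            $context = $targetClass ? ' in context ' . $acl->get('context_key') : '';
            printf("  %s: %s%s, minimum role authority %s, policy %s\n", $aclClass, $target,
                $context, $acl->get('authority'), $policy ? $policy->get('name') : '?');
        }
    }
}
```

Compare the output with what you entered in the two tabs; any group, context or resource group you did not intend to grant shows up as an extra line.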
You can control what your client user sees in the top menu by editing the EditorAdmin Access Policy.
Next (coming soon) you will want to use Form Customization to control what your user sees in the forms and tabs he has access to on the pages he can see in the manager...
Ian
Aug 01, 2014 at 04:31 PM
Great tutorials here Mike, keep up the good work. I am still learning MODx and building a small site for a friend who is a very non-technical user, so this form customization will be perfect. One of my next steps will be a gallery page, probably using MIGx and jquery/fancybox or something.
If you're looking for ideas on another tutorial then a gallery solution would be interesting. This is what I find hard about modx: the gallery plug-in has few examples.
Keep up the good work and tweets
Cheers
Ian
Mike Nuttall
Aug 01, 2014 at 05:14 PM
Hi Ian,
Glad you found it useful. Thanks for the feedback.
I shall look into getting a gallery tutorial together.
Thanks
Mike
Nuno
Oct 07, 2014 at 03:26 PM
Hi Mike
Thanks a lot for this tutorial. I guess Modx team should do a review on their documentation, and give more attention to the Permissions Section.
You just saved my life!!!! :) Thanks a lot!!!!