MODX Security: Access Control Lists

Share this on:

This article is for when you have designed your site, it's looking nice, all the pages are in place and you now need to give your client access to edit only the appropriate pages. I don't explain how ACL's work here I just give the steps. The best explanation I have found is on Bob Ray's Revolution Permission pages.

1) Create your client User(s) in Security => Manage Users

2) Create two Resource Groups for example AllDocs and EditorPages in Security => Resource Groups.

Tick: Automatically Give Adninistrator Group Access

Tick: Automatically Give Anonymous Access

Put all your documents in AllDocs and the documents you want your client to be able to edit in EditorPages. (You drag them from the right hand side of the page to your new groups)

3) Create a User Group called Editors in Security => Access Controls => New User Group (button)

You can add your user(s) in the Users field.

You can add EditorPages in the Resource Groups field

You can choose policies ContentEditor

4) Create a new Role called Editor (with Authority of 15) in Security => Access Controls => Roles (tab)

5) Add your User to the Editors group (if you haven't already). Security => Access Controls => User Groups (tab). Right-click on the Editors group and choose Update User Group then go to the Users (tab) . Add with the role of Editor.

6) Create your Access Policies. You do this at Security => Access Controls => Access Policies (tab). Right click the Administrator policy and duplicate it, call it EditorAdmin and duplicate the Resource policy and call it EditorResource.

7) Now to connect your User Groups to Resource Groups and Contexts. First Administrators: Go to Security => Access Controls => User Groups(tab). Right-click on the Administrators group and choose Update User Group then go to the Users (tab) and check your users are in there. Then add Context Access and Resource Groups Access tabs so that they look like this:

For the Context Access tab:

The settings you need the Content Access tab for administrators

For the Resource Group Access tab:

The settings you need the Resource Group Access tab for administrators

8) Next Editors: Go toSecurity => Access Controls => User Groups(tab). Right-click on the Editors groupand choose Update User Group then go to the Users (tab). Add Contexts and Resource Groups so that they look like this:

For the Context Access tab:

The settings you need the Content Access tab for the editor users

For the Resource Group Access tab:

The settings you need the Resource Group Access tab for the editor users

So now your client user should only have access to the documents in the EditorPages Resource Group

You can control what your client user sees in the top menu by by editing the EditorAdmin Access Policy

Next (coming soon) you will want to use Form Customization to control what your user sees in the forms and tabs he has access to on the pages he can see in the manager .......

Share this on:
Mike Nuttall

Author: Mike Nuttall

Mike has been web designing, programming and building web applications in Leeds for many years. He founded Onsitenow in 2009 and has been helping clients turn business ideas into on-line reality ever since. Mike can be followed on Twitter and has a profile on Google+.

3 comments
  1. Ian

    Ian
    Aug 01, 2014 at 04:31 PM

    Great tutorials here Mike keep up the good work, I am still learning MODx and building a small site for a friend whois a very non-technical user so this form customization wil be perfect, one of my next steps will be a gallery page probably using MIGx and jquery/fancybox or something.
    If your looking for ideas on another tutorial then a gallery solution would be interesting this is what I find the hard about modx the gallery plug-in has few examples.

    Keep up the good work and tweets

    Cheers

    Ian

  2. Mike Nuttall

    Mike Nuttall
    Aug 01, 2014 at 05:14 PM

    Hi Ian,

    Glad you found it useful. Thanks for the feedback.

    I shall look into getting a gallery tutorial together.

    Thanks
    Mike

  3. Nuno

    Nuno
    Oct 07, 2014 at 03:26 PM

    Hi Mike

    Thanks a lot for this tutorial. I guess Modx team should do a review on their documentation, and give more attention to the Permissions Section.

    You just saved my live!!!! :) Thanks a lot!!!!