Joomla 1.7. Access Control List explained

User Groups

User Groups are used to control what your user can do on the website; for instance, create, edit, and delete articles or categories on the website, work with the menu system, configure extensions, and so on.

Joomla 1.5.x

The ACL in Joomla 1.5 is hierarchical, each User Group inherits permissions from the group below it. There are only 4 groups available for Public Front–end users and 3 groups for Public Back–end users. The customization of users' groups wasn't possible if you wanted to create a special group for your customers. Each user can be assigned to only 1 defined User Group.

User Group

Assign 1 User Group to a new user

Joomla 1.7.x

The ACL in Joomla 1.7 is not hierarchical; you can build unlimited user–defined groups. A user can be assigned to multiple User Groups with unlimited user–defined Access Levels. User Groups are assigned to Access Levels. Any combination of User Groups can be assigned to any Access Level.

In Joomla 1.7 the User Manager has been extended to 3 sections: Users, User Groups and Viewing Access Levels.

User Manager: User

Configure the user's settings with User Manager

User Manager: User Groups

Manage user groups easily

As you can see the user can be assigned to several User Groups. Joomla 1.7 allows you to create unlimited User Groups for various needs.

Edit Users

Edit User screenshot

Access Levels

Access Levels control what your user can see on the website. You might restrict the user to see certain categories, articles, menus or components on the website.

Joomla 1.5.x

Access Levels are fixed and restricted to 3 levels: Public, Registered and Special. The Access Level covers all your articles, component, modules and plugins. Each Access Level belongs to a defined User Group.

Access Level - Joomla 1.5

Choose predefined Access Level for an article

Joomla 1.7.x

In Joomla 1.7 you can build unlimited Access Levels with any combination of User Groups can be assigned to them. These settings are located in the menu item Users of the menu toolbar.

Access Level - Joomla 1.7

Create, edit or delete an Access Level

Let's say we create a new Access Level and name it "Customer Access Level" with assigned groups Manager, Author and Customer Group. Check the necessary box for each User Group and click "Save".

User Manager: Edit Viewing Access Levels

Assign specific User Groups to the Access Level

After creating a new Access Level you can apply it to any articles or categories on the website. Below is the example of setting up the Access Level for an article.

Access Level - Joomla 1.7

Choose a pre–customized Access Level for an article

Permissions and Actions

The main purpose of Permissions is allowing or denying access to the functionality of your website. For instance, you can allow a User Group to create and edit content only, but restrict access to the components.

Joomla 1.5.x

Permissions in Joomla 1.5.x has a fixed value and is assigned to defined User Groups. You cannot change or create a new User Groups with preferred permission settings. The permission concept isn't flexible and the customization of user groups is seriously limited.

Joomla 1.5 permission table

The permission table of Joomla 1.5

Joomla 1.7.x

Below you can see the screenshot of a typical interface for Permission Settings. The settings include all created User Groups on your website. For each User Group you can set the Actions and Permission Level.

Action Permission Joomla 1.7

Action and Permission settings

A User Group has 9 Actions:

  • Site Login – Allows users in the group to login to the front - end site.
  • Admin Login - Allows users in the group to login to the backend administrator site.
  • Super Admin – Allows users in the group to perform any action over the whole site regardless of any other permission settings.
  • Access Component – Allows users in the group to access all areas on the backend administrator site except Global Configuration.
  • Create – Allows users in the group to create any content in any extension.
  • Delete - Allows users in the group to delete any content in any extension.
  • Edit - Allows users in the group to edit any content in any extension.
  • Edit State – Allows users in the group to edit the state of any content in any extension.
  • Edit Own – Allows users in the group to edit any content they own in any extension.

The Action has 4 Permissions:

  • Not Set – No permission. (Available only in the Public User Group).
  • Inherited – The permission from the parent group will be used.
  • Denied – No matter what the parent group's setting is, the group being edited cannot take this action.
  • Allowed - The group being edited will be able to take this action

The Joomla 1.7 ACL defines 4 permission levels which can override one another. The low permission level uses the permission from parent level.

  • Level 1: Global Configuration
  • Level 2: Component Options
  • Level 3: Category
  • Level 4: Article

Global Configuration

Defines the default permission for each user group and actions.

Permission level Global

Global Configuration settings


Overrides the default permission for components. For instance, Articles, Menus, Users, Banners and so on.

Permission Components

Components settings


Overrides the permission of Global Configuration and Components. It's available for components with categories including Articles, Contacts, Banners, Newsfeeds, and Weblinks.

Permission Category

Category settings


Overrides the permission of Global Configuration, Components and Category. It's only available for articles in Joomla 1.7 core.

Permission Article

Article settings

With a plain 4-levels structure you can customize permission settings from the smallest object to the biggest one. One thing worth to mentioning here is that with the permission value "inherited" you can configure low-level permissions more effectively and faster.

The conclusion

With the launch of Joomla 1.7 the ACL mechanism added great value to the whole content management system. It gave us more ways to customize the user groups and assign permission for various purposes. Joomla 1.7 ACL is a serious step in the improvement and increased the flexibility of the system. If you have any opinions feel free to share them it out here in the comment box.

Rate this blog entry:
Recent posts
Joomla Service Providers - Helpful Things You Shou...
How to find a specific Joomla extension on JED Sea...
Leave a comment

Related Posts

The first thing that everyone asks themselves when creating a website is, “what CMS do I go for”? If they are aware of the techn...
08 September 2016
A marketing message or an offer can only be successful when hitting its target audience at the right time, in the right place. &nb...
30 August 2016
Let’s not beat around the bush. Here in this article I’m going to introduce you with the top-ranked Joomla! form extensions by far...
11 August 2016
Are you just tired of those wishy-washy Joomla medical templates with so many flashy effects but don’t give you what you want? It’...
08 August 2016
If you are looking for a solution to take care of your customers, visitors followup and sales boosting, you’ve come to the right p...
30 July 2016