Need help understanding Access Levels, user groups, and elements

[Ryusaikou]

OK I hope there is a simple answer for this, I am new to J! 2.5... so on an element it is editable by and viewable by what you have in the Viewing Access Levels, but on 1.5 I could select "editable by" the author and then the editor, and administrator could still edit because they are above author... I basically want the same thing in 2.5 but if If i was to select that it was editable by registered, the administrator could not edit.

Several people have access to the same thing but also diffrent things. So a "Builder" could edit the "Date Built" element, but so could the "Plant manager" in the event the builder forgot to.

 

[Ryusaikou]

I guess an easy solution would be to make many copies of the same elements on diffrent lists so i can edit the permission on each element but then the information on them would not carry over to each of them if I unlink the tables from each other right? and the user "builder" should not be able to edit certain elements at all..

the deal is that every list should have all the same information just presented in diffrent ways to make editing it easier.

 

[troester]

J2.5 ACL: there should be a thread pointing to a Joomla docu and maybe there's something in the WIKI but I can't find it at the moment.

Have a look at your "Viewing access level" Registered:
The "tree" is showing the parent/child structure of your groups, as you can see (if you didn't change the Joomla defaults) Manager (+Admin) and SuperUsers are NO children of Registered, so they don't inherit access levels applied to "Registered" group (e.g. the "Registered" access level).

If this access level should belong to Manager (+Admin) and SuperUsers the checkboxes must be checked (Author, Editor,Publisher don't need the checkbox because the parent group "Registered" is checked)

So if your Administrator can't edit records with "Registered" access I assume he is not checked in the "Registered" access level.

 

[cheesegrits]

This is definitely a case of needing to understand how J! 2.5's access levels work. Basically, the "at or below" aspects of the J! 1.5, Fabrik 2.x group access controls have been moved into J! itself.

So if you want what in Fabrik 2.x would have been at "at or below Builder group" access, you need to create a J! access level that includes all the groups you want.

There are several good explanations and tutorials on the new J! access levels out there, just Google around and you'll find plenty of good help.

-- hugh

 

[Ryusaikou]

Would you mind sparing a link... i dont think I am searching for the correct thing in google if this is obvious...

 

[Ryusaikou]

OK Ok, i think I may have this down... someone tell me if I am thuroly confused and this is working on a fluke or if I am doing it right... (couldn't find a link to tell me) Ok so if I make the user groups look like they did to me in 1.5 in fabrik 2.x and then assign access levels to them with what they can access, If the higher tier is in the same group it will have access as well... So I did something like this

public
-Sales lot (lowest tier)
--Builder
---Driver
----Plant Manager
-----Admin
super user

Ok then on access levels I named them the same so
Sales lot has access to sales lot and public
Builder has access to builder and public
Driver has access to Driver, Sales lot, and public
Plant manager has access to Plant manager, driver, Builder, sales lot, and public
and finnaly admin has access to all of them

This should work right?

this way sales lot can set the information on the required fields, but only on fields they should be using, some they can only see. but the plant manager and administrator can change those fields should the need arise. Am I right?

 

[rob]

I have to double tripple think about access levels and I often only get there by trial an error so I would always suggested testing with the various logged in users against what you think should happen

public
-Sales lot (lowest tier)
--Builder
---Driver
----Plant Manager
-----Admin
super user

are these your user groups?

If so then

Sales lot has access to sales lot and public

Correct

Builder has access to builder and public

Partially correct (I think) - As the builder group is a child group of Sales it will inherit belonging to the Sales group. So anyone in the builder group will be able to see items assigned to the sales access level.

Again I'm not 100% sure of this, as I tend to make my groups flat:

root
- public
- sales
-builder
-plant manager
-admin
-super user

Which reduces me having to think about group hierarchies AND viewing access levels.

 

[troester]

One important point:
Groups inherit access levels from their parent, so they inherit rights applied to access levels (e.g. edit list records) but they also inherit restrictions applied to access levels (e.g. prefilters).

This is the reason why (with Joomla defaults) a SuperUser can't see records if a prefilter is applied to Public (Public is parent of SuperUser) and you have to add an ORed prefilter applied to admin showing all records to SuperUser.

 

[Ryusaikou]

Got it Thanks a ton for the help!