Access Control List (ACL)

An access control list (ACL) is a table that tells a computer system which access rights each user/group has to a particular system object. Each object has a security attribute that identifies its access control list. The list has an entry for each system user/group with access privileges. The most common privileges include the ability to read, write or create objects or special system access/abilities.

The Joomla ACL system can be thought of as being divided into two completely separate systems. One system controls what things on the site users can view. The other controls what things users can do (what actions a user can take). The ACL for each is set up differently. 

Joomla Permissions Global Configuration

Groups and Actions: Actions allowed for each group are defined by the site administrator. 

Permission Scope: Permissions can be set at multiple levels in hierarchy: Site, Component, Category, Object. 

Permission Inheritance: Permissions can be inherited from parent Groups and parent Categories.

There are four possible permissions for actions, as outlined below:

  • Not set: Defaults to "deny" but, unlike the Deny permission, this permission can be overridden by setting a child group or a lower level in the permission hierarchy to "Allow". This permission only applies to the Global Configuration permissions.
  • Inherit: Inherits the value from a parent Group or from a higher level in the permission hierarchy. This permission applies to all levels except the Global Configuration level.
  • Deny: Denies this action for this level and group. IMPORTANT: This also denies this action for all child groups and all lower levels in the permission hierarchy. Putting in Allow for a child group or a lower level will not have any effect. The action will always be denied for any child group member and for any lower level in the permission hierarchy.
  • Allow: Allows this action for this level and group and for lower levels and child groups. This does not have any effect if a higher group or level is set to Deny or Allow. If a higher group or level is set to Deny, then this permission will always be denied. If a higher group or level is set to Allow, then this permission will already be allowed.

Permissions can be defined at up to four levels, as follows:

  • Global Configuration: determines the default permissions for each action and group.
  • Component Options->Permissions: can override the default permissions for this component (for example, Articles, Menus, Users, Banners, and so on).
  • Category: can override the default permissions for objects in one or more categories. Applies to all components with categories, including Articles, Banners, Contacts, Newsfeeds, and Weblinks.
  • Article: can override the permissions for a specific article. This level only applies to articles. Other components only allow the first three levels.
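
The resolution rules above, as an added example: a simplified Python model, not Joomla's own code. A Deny anywhere up the group or level chain wins, otherwise any Allow grants the action, otherwise the action stays denied. The group tree, the action names "edit" and "create", and the rule table are constructed for illustration.

```python
from enum import Enum

class Perm(Enum):
    NOT_SET = "not set"   # Global Configuration only: soft deny
    INHERIT = "inherit"   # lower levels: defer to the parent
    DENY = "deny"         # hard deny, cannot be overridden below
    ALLOW = "allow"

# Levels from highest to lowest, in the order the page lists them.
LEVELS = ["global", "component", "category", "article"]

# Constructed group tree: child -> parent (None marks the root).
PARENT = {"Public": None, "Registered": "Public",
          "Author": "Registered", "Editor": "Author"}

# Constructed sample settings: (level, group, action) -> Perm.
RULES = {
    ("global", "Author", "edit"): Perm.ALLOW,
    ("category", "Author", "edit"): Perm.DENY,
    ("article", "Editor", "edit"): Perm.ALLOW,      # no effect under the Deny
    ("component", "Registered", "create"): Perm.ALLOW,
}

def lineage(group):
    """Return the group followed by its ancestors up to the root."""
    chain = []
    while group is not None:
        chain.append(group)
        group = PARENT[group]
    return chain

def is_allowed(rules, group, action, level):
    """Resolve an action for `group` at `level`.

    Missing entries count as NOT_SET at the global level and INHERIT
    below it. Every setting from the global level down to `level`, for
    the group and each of its parents, is collected before deciding.
    """
    seen = []
    for lvl in LEVELS[: LEVELS.index(level) + 1]:
        default = Perm.NOT_SET if lvl == "global" else Perm.INHERIT
        for grp in lineage(group):
            seen.append(rules.get((lvl, grp, action), default))
    if Perm.DENY in seen:       # Deny at a higher level or parent group wins
        return False
    return Perm.ALLOW in seen   # one Allow suffices; otherwise soft deny
```

With these sample rules, an Editor can edit at the component level through the Allow inherited from Author, but not at the article level, because the category-level Deny on Author overrides the article-level Allow.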

WordPress comes with a user role management system which defines what a specific user can and cannot do on your website. Out of the box when you install WordPress, there are five default user roles:

Administrator - Editor - Author - Contributor - Subscriber

In WordPress you cannot, out of the box, add, edit, or modify user roles.

Date modified: 09 November 2018