Sander Potjer gave a presentation on the Joomla! access control list (ACL) system. He discussed how the ACL has evolved from Joomla 1.5 to 2.5, including moving from fixed user groups and access levels to unlimited customizable groups and levels. He explained how permissions can be set at different object levels in a hierarchy and inherited. Sander also provided tips for planning and implementing the ACL and debugging permissions. Resources for further information on the Joomla! ACL were provided.
1. Joomla! ACL tekst
Sander Potjer
@sanderpotjer
www.aclmanager.net
Joomla!Day Germany - 5 October 2012
3. Sander Potjer
• Involved in the local Joomla community
• Joomla Community Leadership Team (CLT) member
• Company: Sander Potjer Webdevelopment
• ACL Manager developer
• E-mail: sander.potjer@community.joomla.org
• Slides: http://www.slideshare.net/sanderpotjer
5. It took a while... DrupalCon, October 2005
Johan Janssens
• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
8. ACL?!?!
• ACL = Access Control List
• Access to parts of the website
– e.g. menu / module visibility
– “view” action
• User actions on objects
– example: create / edit / edit state / delete article
10. ACL - Groups
Joomla 1.5
• 7 fixed Groups
– Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
• Hierarchical structure
Joomla 2.5/3.0
• Unlimited Groups
– user defined
• No Hierarchical Structure required
12. ACL - User in Group
Joomla 1.5
• User can be assigned to one group
Joomla 2.5/3.0
• User can be assigned to multiple groups
14. ACL - Access Levels
Joomla 1.5
• 3 fixed Access Levels
– Public
– Registered
– Special
Joomla 2.5/3.0
• Unlimited Access Levels
– user defined
16. ACL - Access Levels & Groups relation
Joomla 1.5
• Fixed relation between Groups and Access Levels
Joomla 2.5/3.0
• Any combination of User Groups can be assigned to any Access Level
18. ACL in Joomla! 1.5 & 1.6 (Actions)
• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
19. ACL - Actions
Joomla 1.5
• Fixed Actions per group
– Create / edit / delete / admin access / etc.
• Permission scope for entire site
– Same permission for all objects
• Permission inheritance not applicable
Joomla 2.5/3.0
• Custom Actions per group
– Create / edit / delete / admin access / etc.
• Permission scope at multiple levels
– Site/Component/Category/Item
• Permission can be inherited
– Parent Groups / Categories
27. Group
• Users with same permissions
• Inherited permissions from parent groups
• Unlimited nested groups
• Keep it simple! Only use nested groups if needed
• Guest group in Joomla 3.0
29. Access Level
• What is visible for the group (article, menu, module, etc.)
• Permissions are not inherited between Access Levels
• Even Super Users cannot view content on the frontend if they are not assigned to its Access Level
33. Permissions - Not Set
• ‘soft’ deny
• can be overridden by ‘Allowed’ or ‘Denied’
34. Permissions - Inherited
• Value from a parent Permission level
• Value from a parent User Group
• Can be overridden by ‘Allowed’ or ‘Denied’
35. Permissions - Allowed
• Action for current permission level and lower levels
• Action for current user group and child groups
• Can be overridden by ‘Denied’
36. Permissions - Denied
• Action for current Permission level and lower levels
• Action for current User Group and child Groups
• Cannot be overridden at all
• Always wins!
49. Permission Hierarchy (levels)
• Level 1: Global configuration
– default permissions settings for actions for a group
• Level 2: Component Options
– can override the permissions of Level 1
• Level 3: Category
– can override the permissions of Level 1 & Level 2
– available for components with categories (Articles, Banners, etc...)
• Level 4: Item
– can override the permissions of Level 1 & Level 2 & Level 3
– only available for article manager in Joomla core
• Overriding the permissions of a higher level only works if the setting at that level is not ‘Denied’!
50. Inheriting example for ‘Create’ Action
Level 1
Level 2
Level 3
Level 4
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
69. Debug Permissions
• Turn on the ‘Debug System’ in the Global Configuration
• Go to ‘User Manager’ or ‘Groups’
• Click on ‘Debug Permission Report’ next to the User or User Group
75. Viewing or Action problem
• Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
• Viewing: define the Viewing Access Levels
• Action: define the permissions for all actions
76. Think ahead! Maintenance?
• Structure your content properly to handle the permissions
• Make use of parent categories with nested categories that share the same permissions
• No need to set permissions per article
80. User in multiple User Groups
• The Netherlands
– Allowed on edit ‘The Netherlands’ category
– Denied on edit ‘Germany’ category
• Germany
– Allowed on edit ‘Germany’ category
– Denied on edit ‘The Netherlands’ category
• User in The Netherlands & Germany group
– Denied on edit ‘The Netherlands’ category
– Denied on edit ‘Germany’ category
– Denied always wins (again)
– Solution: don’t use ‘Denied’; use ‘Not Set’ / ‘Inherited’ (= soft deny) instead
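The rules from the ‘Permissions’ and ‘Permission Hierarchy’ slides, applied to the two-country case above, as a small Python model. This is an added example, not code from the presentation or from Joomla itself; the group tree, asset names and rule tables are constructed, and the resolution logic is a simplified reading of the slides.

```python
# Simplified model of the slide rules; not Joomla's implementation.
ALLOWED, DENIED = True, False  # a missing rule means Not Set / Inherited

# Constructed group tree (child -> parent) and asset path (Level 1 -> 3).
GROUP_PARENT = {"Public": None, "Editors": "Public",
                "The Netherlands": "Editors", "Germany": "Editors"}
ASSET_PARENT = {"global": None, "com_content": "global",
                "category.netherlands": "com_content",
                "category.germany": "com_content"}

def chain(node, parents):
    """Return [root, ..., node] by following parent links."""
    path = []
    while node is not None:
        path.append(node)
        node = parents[node]
    return path[::-1]

def group_verdict(rules, group, action, asset):
    """One group: walk levels top-down, parent groups before children."""
    verdict = None  # Not Set
    for level in chain(asset, ASSET_PARENT):
        for g in chain(group, GROUP_PARENT):
            setting = rules.get((level, g, action))
            if setting is DENIED:
                return DENIED  # hard deny: nothing lower can override it
            if setting is ALLOWED:
                verdict = ALLOWED
    return verdict

def authorise(rules, user_groups, action, asset):
    """All groups of a user: Denied wins, then Allowed, else soft deny."""
    verdicts = [group_verdict(rules, g, action, asset) for g in user_groups]
    if any(v is DENIED for v in verdicts):
        return False
    return any(v is ALLOWED for v in verdicts)

NL, DE = "category.netherlands", "category.germany"
# The slide's setup: each country group is explicitly Denied on the other.
RULES_HARD = {(NL, "The Netherlands", "edit"): ALLOWED,
              (DE, "The Netherlands", "edit"): DENIED,
              (DE, "Germany", "edit"): ALLOWED,
              (NL, "Germany", "edit"): DENIED}
# The slide's solution: leave the other category Not Set (soft deny).
RULES_SOFT = {k: v for k, v in RULES_HARD.items() if v is ALLOWED}

if __name__ == "__main__":
    both = ["The Netherlands", "Germany"]
    for name, rules in (("hard deny", RULES_HARD), ("soft deny", RULES_SOFT)):
        print(name, {a: authorise(rules, both, "edit", a) for a in (NL, DE)})
```

With the explicit ‘Denied’ rules a user in both groups can edit neither category; with ‘Not Set’ in their place the same user can edit both, while a user in only one group is still kept out of the other category.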
82. What if I locked myself out?
• No need to access your database
• Open your configuration.php and add:
– public $root_user = 'username';
• You can login again and perform all actions
• Great for playing around with the new ACL
• Don’t forget to remove the $root_user line!
84. ACL Tips
• Write down your ACL requirements for a website before implementing
• Joomla 1.5 User Groups are there for backward compatibility in Joomla 2.5; you may remove them!
• Use multi-nested Groups only if needed and if you know what you are doing (so that values are inherited only between levels, not between groups as well)
85. ACL Tips
• Assign each User Group with backend access to a Viewing Access Level (often ‘Special’)
• Stay flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible
• Use role-based groups