Access Manager is used to implement Access Control. In Elxis, administrators have the freedom to define the security patterns that best suite their needs. They can define who has access where and what he can do.
The access control is based on the idea of groups. You do not control individual users. You control groups of users. You define the rights for groups. All users that belong to a specific group inherit all group rights.
You are not limited to predefined access groups. You can create your own.
You are not limited to predefined permissions. You can define your own.
Access manager is based on the well known phpGACL class.
In this screen you will find the following terms:
ACO = Access Control Objects. Control the permissions that are available to ARO objects. In Elxis you can think user groups as being equivelant to ARO objects.
Available objects:
ARO = Access Request Objects. These are the defined user groups.
Possible ARO Values: It can be any of the predefined user groups, or user groups that administrator has created, i.e Registered, Administrators, Super Administrators, Authors, etc.
AXO = Access eXtension Objects. These are the object you have control on.
Available AXO Objects: Available AXO Objects vary based on the value of ACO and ARO. It can be any of: Content, Links, Profile, Components, Files, Templates, Languages, Modules, Bots, Bridges, Tools.
Possible values for AXO Objects: All, Own, installed Components, Images, Avatars, block_user.
The access model is based in the assumption that everything is denied unless it is allowed.
In order to better understand how you can define your own permissions you should start thinking like that you are creating sentences. These sentences define the rules.
For example, lets say that you want to create a rule, that will allow all registered users to have access in the Front-End to all components. Then your real-world-sentence would look like this:
"I want for the registered users, to be able to view all the components at the Front-End."
The Access Manager rule would be:
ACO |
ACO value |
ARO |
ARO value |
AXO |
AXO value |
action |
view |
users |
registered |
components |
all |
To better understand the way rules are set for each group, it would be better to use some examples and view what rules have been applied for some predefined groups.
Example I - Registered Users
Lets see what permissions Registered users have and how they are defined in Access Manager. Registered users can:
Now look the following table and see the rules.
ACO |
ACO value |
ARO |
ARO value |
AXO |
AXO value |
action |
add |
users |
registered |
weblinks |
all |
action |
edit |
users |
registered |
profile |
own |
action |
upload |
users |
registered |
files |
avatars |
action |
view |
users |
registered |
components |
all |
action |
view |
users |
registered |
profile |
all |
Example II - Manager
Lets see what permissions Managers have and how they are defined in Access Manager. Managers can:
Now look the following table and see the rules.
ACO |
ACO value |
ARO |
ARO value |
AXO |
AXO value |
action |
add |
users |
manager |
content |
all |
action |
add |
users |
manager |
weblinks |
all |
action |
edit |
users |
manager |
content |
all |
action |
edit |
users |
manager |
profile |
own |
action |
publish |
users |
manager |
content |
all |
action |
upload |
users |
manager |
files |
images |
action |
view |
users |
manager |
components |
all |
action |
view |
users |
manager |
profile |
all |
administration |
edit |
users |
manager |
components |
com_newsflash |
administration |
edit |
users |
manager |
components |
com_frontpage |
administration |
edit |
users |
manager |
components |
com_media |
administration |
login |
users |
manager |
|
|
Note: Please use this screen with caution. Failing to do so, may lead to a non functional web site.