Permissions for Newbies

After looking around I noticed a lot of you are trying to do what I have done... Create a sub-administrator for certain parts of the site by creating a Sub-Admin group. Below is some information that may assist in configuring your permissions.

For example, assume that you have a group of people you wish to place into a sub-administrator group. Here is a step-by-step example of creating this group and giving them permission to approve stories (articles) for the site.

Now that you have created the Group, you must grant the Group permission to do what you want them to do. In this example, we wish to allow them to be able to approve an Article for the site:

Graphically this is:


Function   Setting   Notes
-----------------------------------------
Group      subadmins    Setting the permissions for Group subadmins
Component  Stories::   Using the Stories Module
Instance   .*    The permission level applies to everything in this 
component
Permission Admin    Highest level of access

Remember this is going to give anyone in your Subadmins Group TOTAL control over the Stories module.

Most of you have the first permission set as ADMIN ADMIN. Move this newly-created group directly below Admins to ensure that another permission does not override it.

For example:


Group       Component   Instance   Permissions Level
----------------------------------------------------
subadmins   Stories::   .*       Admin  
Users       .*          .*         Read  

...would allow subadmins group Admin permissions since those members in subadmins are also in the group Users, but the subadmins permission is above the Users permission.


Group       Component   Instance   Permissions Level
----------------------------------------------------
Users       .*          .*         Read
subadmins   Stories::   .*         Admin

...this, however, would be useless since the permissions were already defined as Comment level for the Users before they were defined as Admin for subadmins. Everyone in Users and subadmins would have the same access.

Permission Samples

Let's say I have a link to a feature called ANDROMEDA and I don't want a user called "JoeSmith" to see it. I will select "JoeSmith" as the User and remove that user's ability to view it. To every other user the menu would look like this:

Home

Your Account

ANDROMEDA

News

...however, by adding the following to the permissions system...

User JoeSmith

Component Menublock::

Instance Main Menu:ANDROMEDA:

Permission None

...that user's menu now looks like this:

Home

Your Account

News

To make it so that a member of group 'Users' can no longer submit news yet another group, 'Submitters' (where Users are added to this group at the discretion of the admin) can Submit News.

Let's break this issue down. There are four steps to this situation.

Now that we understand the steps, it is rather straightforward to implement what you want.

1. Assuming that we have the following permissions structure set up:


Sequence  Group Component Instance  Permissions 
level
================================================================================
=
Admins Menublock:: Administration::*. Admin
Admins  .*  .*  Admin
All groups  Menublock::  Administration::*.  None 
Users  .*  .*  Comment 
Unregistered  Menublock::  Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered  Polls::  .*  Comment
Unregistered  .*  .*  Read

...we can DISALLOW Submit News by adding the following line (marked with "=-=-=-" above and below the added line):


Sequence  Group Component Instance  Permissions 
level
================================================================================
=
Admins Menublock:: Administration::*. Admin
Admins  .*  .*  Admin
All groups  Menublock::  Administration::*.  None 
=-=-=-
Users  Menublock::  Main Menu:(Submit News): None  # THIS IS 
THE ADDED LINE!
=-=-=-
Users  .*  .*  Comment 
Unregistered  Menublock::  Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered  Polls::  .*  Comment
Unregistered  .*  .*  Read

The added line sets to "None" the ability for the Users group to see the Main Menu item "Submit News". If your main menu is called something other than "Main Menu", or your submit news link is called something other than "Submit News", change the instance text.

2. We create a Group called "Submitters". Go to Administration -> Groups -> Add New Group. Type the name of the new group (I used "Submitters") and click the "New Group" button.

3. When the Groups page re-appears, click the name of the new group ("Submitters"), then click "Add a user to group" to add user(s) to this new Group.

4. Finally, go back to Administration->Permissions for step four which pulls it all together. Add line that is marked with "=-=-=-" above and below.


Sequence  Group Component Instance  Permissions 
level
================================================================================
=
Admins  Menublock::  Administration::*.  Admin
Admins  .*  .*  Admin
All groups  Menublock::  Administration::*.  None 
=-=-=-
Submitters  .*  .*  Comment # THIS 
IS THE ADDED LINE!
=-=-=-
Users  Menublock::  Main Menu:(Submit News):  None
Users  .*  .*  Comment
Unregistered  Menublock::  Main Menu:(Andromeda|Logout None
|Forums|Games|Submit News
|Members List|Messages):
Unregistered  Polls::  .*  Comment
Unregistered  .*  .*  Read

The added line gives specific permission to anyone in group "Submitters" to be able to use the Submit News function.


----------------------------------------------------------------------------

Let user called "James" see the "Administration" link. Add a User permission 
for the specific user:

 User/Group   James
 Component   Menublock::
 Instance   Main Menu:Administration:
 Permission   Read

If you renamed the "Administration" link to "Control", you would have to change 
the permission to:

 User/Group   James
 Component   Menublock::
 Instance   Main Menu:Control:
 Permission   Read

----------------------------------------------------------------------------

If you would like to make certain Articles available only to specified groups, 
you may do so by grouping the Articles under a specific category and declaring 
the permission as follows:

 User/Group   Unregistered
 Component   Stories::
 Instance   :<Category Name>:
 Permission   None

...where "<Category Name>" is the name of the Category where the Articles were 
grouped.

----------------------------------------------------------------------------

Adding Downloads Permissions to filter unregistered access.

Here are the complete steps to do this : 
* Locate the line 80 from modules/Downloads/lang/eng/global.php file.

* Change the define to the following:
define('_DOWNLOADSACCESSNOAUTH', 'You must be a registered member to access 
downloads');

* Go to Permissions Administration then Add a new group permissions as shown 
below:
Groups: Unregistered
Component: Downloads::
Instance: .*
Permissions Level: None

* Place the permission hierarchically just BEFORE default unregistered 
permission as shown below:
Group: Unregistered
Component: .*
Instance: .*
Permission level: Read

----------------------------------------------------------------------------

Restrict Articles submitted by a specified author ("uid 2" in this case) from 
being seen by Anonymous users:

 User/Group   Unregistered
 Component   Stories::
 Instance   2::
 Permission   None

----------------------------------------------------------------------------

Restrict a specific article ("sid 50" in this case) from being read by a 
specific user ("Paul" in this case): 

 User/Group   Paul
 Component   Stories::
 Instance   ::50
 Permission   None

(interesting uses!)

----------------------------------------------------------------------------

To allow Anonymous users to vote in Polls:

 User/Group   Unregistered
 Component   Polls::
 Instance   .*
 Permission   Comment

----------------------------------------------------------------------------

Member from group "users" can add stories (this will add a link to Add Stories 
in the menu of group "users"):

 User/Group   users
 Component   Stories::
 Instance   .*
 Permission   Add

----------------------------------------------------------------------------

Create a section available to certain members only. In this example, we first 
created a group named "Paid Members" before doing the following:

 Group: Paid Users
 Component: Sections::Section
 Instance: .*::1 (1 is the section ID)
 Permissions level: Read

 Group: All Groups
 Component: Sections::Section
 Instance: .*::1 (1 is the section ID)
 Permissions Level: None

Make sure that the first definition is above the second one and you've got a 
section for paid members only.

----------------------------------------------------------------------------

Members from group "users" can add Polls (this will add a link to Add Polls in 
the menu of group "users"):

 User/Group   users
 Component   Polls::
 Instance   .*
 Permission   Add

-----------------------------------------------------------------------------