A user group in Joomla is an entity which has core permissions and users are assigned to it. It can contain a single or multiple users but all users will have same access level and can access same pages throughout the site for creating or editing. To access Groups manager, login to your Joomla backend and go to Groups link under Users menu tab. When moving to the users groups section, you will see the default groups that come with Joomla 3.x. These are, Public, Guest,Registered, Author, Editor and Publisher deal with the frontend of the site, while the Manager, Administrator and Super Users deal with site backend. Among all of these, Public is the parent of all user groups.
Public users can see only frontend but have access to the registered content or backend of site. Registered users can login to site frontend but are not allowed to make any editing. Authors on the other hand can create articles but they are not published automatically but they are able to edit their own work. Editors can create articles and can edit others created articles, as well as their own but still not allowed to publish or unpublish any article on site. Publishers can create, edit and approve articles by being able to publish them.
Managers can login to both frontend and backend of the site and are allowed to create, edit or delete any content on site. They also have access to some other components on backend. Administrators have full rights of a manager, plus they can edit and configure components, modules, plugins and templates. Super Users have full rights of administrators but they can also access and can make changes to global configuration, so you can say that they have root level access to the site.
You can make changes to the permissions of any of these and can also create more user groups according to your requirements, but what I have explained is how User Groups are arranged and managed by default, in Joomla. You can edit a group but cannot delete it, if any user is member of that.
Core permissions are a part of Global Configuration, which could be accessed through “Global Configuration” link under site menu at backend and after going to this page, click on the Permissions tab to view Core permissions settings and you will see here all the user groups of the site. When you click on any of the user group you will see the actual permissions that are assigned to individual group.
There are normally 10 core permissions which are
Site Login ( You can login to frontend of the website )
Admin Login ( You can login to backend of website )
Offline Access ( Logging in to site when it is offline )
Super Admin ( You will have all administrator and root permissions )
Access Component ( It determines whether you can access a component, if you are in that specific group )
Create ( You can create or make an entry to database, it could be an article or any component record )
Delete ( You can actually delete a record )
Edit ( You can edit a record on the site)
Edit state ( You can change the state of an item or record )
Edit Own ( You can only edit your own created items )
You can set the permissions from the next column, called “Select New Setting” and each setting consist of three values, named “Not set”, “Allowed” and “Denied”. Not set means, the permissions could be overridden in the child groups of the parent group. While setting Allowed means that you can actually assign this corresponding access to this user group, while denied means, denying the access.
Access levels assign access to a user group to allow to view specific content on both front and backend of the site. In Joomla 3.x you can move to the access levels page at backend by click “Access Levels” link under the Users menu. By default we have access levels of Public, Guest, Super Users, Registered and Special. The access of each level is self explanatory through their names but as well as Special level is concerned, it comprises authors, editors, publishers, managers, administrators and super administrators can view content. In most of the cases, we only need these levels more could be created easily, according to our requirements. The important thing to note is, access levels are only associated to view content and has nothing to do with editing or creating the content.