User groups and core permissions in Joomla

User Groups

A user group in Joomla is an entity that has core permissions, and users are assigned to it. It can contain a single or multiple users, but all users will have the same access level and can access the same pages throughout the site for creating or editing. To access Groups Manager, login to your Joomla backend and go to the Groups link under the Users menu tab. When moving to the user groups section, you will see the default groups that come with Joomla 3.x. Public, Guest, Registered, Author, Editor, and Publisher deal with the frontend of the site, while the Manager, Administrator, and Super User deal with the backend. Among all of these, “Public” is the parent of all user groups.

Public users can only see the frontend but have access to the site’s registered content on the backend.Registered users can login to the site frontend but are not allowed to make any edits. Authors, on the other hand, can create articles that are not automatically published, but they can edit their own work.Editors can create articles and can edit others’ articles as well as their own, but they are not allowed to publish or unpublish any article on the site. Publishers can create, edit, and approve articles by being able to publish them.

Managers can login to both the frontend and backend of the site and are allowed to create, edit, or delete any content on the site. They also have access to some other components on the backend. Administrators have all the rights of a manager, plus they can edit and configure components, modules, plugins, and templates. Super Users have full rights as administrators, but they can also access and make changes to global configuration, so you can say that they have root-level access to the site.

You can make changes to the permissions of any of these and can also create more user groups according to your requirements, but what I have explained is how user groups are arranged and managed by default in Joomla. You can edit a group but not delete it if any user is a member of it.

Core Permissions:

Core permissions are part of global configuration, which can be accessed via the “Global Configuration” link under the site menu at the backend. Once there, click on the Permissions tab to view core permissions settings, and you will see here all of the site’s user groups.When you click on any of the user groups, you will see the actual permissions that are assigned to each group.

There are normally 10 core permissions, which are

Site Login (you can login to the frontend of the website)

Admin Login (You can access the website’s backend)

Offline Access (logging in to the site when it is offline)

Super Admin (you will have all administrator and root permissions)

Access Component: It determines whether you can access a component if you are in that specific group.

Create (You can create or make an entry to the database; it could be an article or any component record).

Delete (it is possible to delete a record)

Edit: You can edit a record on the site.

Edit state (You can change the state of an item or record.)

Edit Your Own (You can only edit your own created items.)

You can set the permissions from the next column, called “Select New Setting,” and each setting consists of three values, named “Not set,”  “Allowed,” and “Denied.” If the permissions are not set, they may be overridden in the parent group’s child groups.Setting Allowed means that you can actually assign this corresponding access to this user group, while setting Denied means denying the access.

Access Levels:

Access levels assign access to a user group to allow them to view specific content on both the front and back ends of the site. In Joomla 3.x, you can move to the access levels page at the backend by clicking the “Access Levels” link under the Users menu. By default, we have access levels of public, guest, super user, registered, and special. The access of each level is self-explanatory through their names, but as far as the Special level is concerned, it comprises authors, editors, publishers, managers, administrators, and super administrators who can view content. In most cases, we only need these levels, which can be easily created based on our needs. The important thing to note is that access levels are only associated with viewing content and have nothing to do with editing or creating it.