Share


Follow

Follow Me on Twitter

RSS Feed

Hiding Specific Resources in the Manager

A common uses for security permissions in MODX Revolution is to hide specific resources from specific users. You might, for example, want to let users see some resources but not others. This tutorial will help you create a case where specific resources are invisible to a specific set of users.

Note that if you want to hide or control access to all resources for certain users, that is done with a Context Access ACL entry as explained in this tutorial.

If you want to control access to some resources for certain users (e.g., to let them edit but not publish certain resources), that's explained in this tutorial.

Preview

Here is a preview of the basic steps necessary to hide resources in a specific Resource from users in a specific User Group:

  • Create the users
  • Create a Role for the users
  • Create a user group for the users
  • Put the users in the group
  • Create a Resource Group
  • Put the Resources in the Resource Group
  • Create a Resource Group Access ACL entry linking the Resource Group with the Administrator User Group.

Step-by-step Tutorial

Here are the steps for creating Manager users who cannot see specific resources. The links in the list below are to other mini-tutorials explaining how to perform each step. We'll assume that the user group is called "Editors" and the Resource Group is called "HiddenResources", although you can use any names as long as you're consistent. If you have performed the first steps in another tutorial, be sure to create new resources and a new resource group for this one. You can use the same users, User Groups, and Roles you created earlier.

  1. Create the Users
  2. Create a Role for the users. Call the Role "Editor" and give it an Authority level of 10
  3. Create a User Group called "Editors" and add the users to it
  4. Create a Resource Group. Call it "HiddenResources" and add the resources to it
  5. Create a Resource Group Access ACL Entry for the Administrator group (not the Editors):
    1. Go to Security | Access Controls
    2. click on the "User Groups" tab if it is not the current tab
    3. Right-click on the "Administrator" User Group (not the Editors User Group)
    4. Select "Update User Group"
    5. Click on the "Resource Group Access" tab
    6. Click on the "Add Resource Group" button
    7. Use the following values in the ACL entry:
      • Resource Group:HiddenResources
      • Context: mgr
      • Minimum Role: admin Super User
      • Policy: Resource
    8. Click on the "Save" button in the dialog
    9. Click on the "Save" button at the upper right
  6. Under Security in the Top Menu, select "Flush Permissions". You may also need to Flush All Sessions and clear the site cache before your permissions take effect.

    7. Because we have linked the Resource Group to the Administrator user group with a Resource Group Access ACL entry, those resources are now protected. That means that the users in the Editors User Group will not see them in the Resource tree and will have no access to those resources. Note that if you have given the Editors access to those resources in another Resource Group Access ACL (say, by following the Controlling Access to Resources tutorial) using the same Resource Group name, the resources will not be hidden. The users will have whatever access to them you granted in the other ACL entry. In general, when ACL permissions conflict, the user will be granted the most permissive of the ACL entries that apply.

     

    My book, MODX: The Official Guide is now available for order here. The book is currently being shipped.

    If you have the book and would like to download the code, you can find it here.

    If you have the book and would like to see the updates and corrections page, you can find it here.

    MODX: The Official Guide is 772 pages long and goes far beyond this web site in explaining beginning and advanced MODX techniques. It includes detailed information on:

    • Installing MODX
    • How MODX Works
    • Working with MODX resources and Elements
    • Using Git with MODX
    • Using common MODX add-on components like SPForm, Login, getResources, and FormIt
    • MODX security Permissions
    • Customizing the MODX Manager
    • Using Form Customization
    • Creating Transport Packages
    • MODX and xPDO object methods
    • MODX System Events
    • Using PHP with MODX

    Go here for more information about the book.

    Thank you for visiting BobsGuides.com

      —  Bob Ray