Creating a New Policy
Policies are lists of Permissions that can be granted or denied to users. Each Permission determines a specific action or capability the user has (or is denied). Each Policy is based on a Policy Template, which determines which Permissions will appear in the Policy. If you might be adding or deleting Permissions from a Policy (rather than simply checking and unchecking them), you should always duplicate the appropriate Policy Template first and base your new Policy on that duplicate Policy Template.
Since you should never alter the standard Policies provided in the basic Revolution install, you should always duplicate an existing policy to create a new one.
Here are the steps for creating a new Policy:
- Go to Security | Access Controls
- Click on the "Policies" tab if it's not the current tab
- Right-click on the appropriate standard Policy (see below)
- Select "Duplicate Policy"
- Enter a name for your new Policy (see below)
- Click on the "Save" button
Selecting an Appropriate Policy to Duplicate
Only certain Policies are appropriate for a given kind of ACL entry. Before duplicating a Policy, you should decide what kind of ACL entry you want to use it in: Context, Resource Group, or Element.
- If your Policy will determine what actions users can perform in the Manager, you should duplicate the standard Administrator Policy (or one of its sub-policies: ContentEditor, Load Only, or Load, List, and View)
- If your Policy will determine which resources users can see and/or what they can do with those specific resources, you should duplicate the standard Resource Policy
- If your Policy will determine which elements users can see and/or what they can do with those specific elements, you should duplicate the standard Element Policy
It's a very good practice to refer to the name of the Policy you duplicate in the name of your new Policy. If, for example, you're creating a Policy to control what users in the Editors User Group can do in the Manager and are duplicating the standard Administrator Policy, call your policy something like EditorAdmin. Similarly, if you're duplicating the standard Resource Policy, call your Policy EditorResource. When duplicating the standard Element Policy, use something like EditorElement.
To Remove a Policy:
- Go to Security | Access Controls
- Click on the "Access Policies" tab
- Right-click on the Policy you want to remove
- Select "Remove Policy"
- Revolution Permissions
- Evolution Permissions
- Revolution Security Cheatsheet
- Basic Security Tutorials
- Advanced Security Tutorials
- Revolution Default ACL Entries
- Installing MODX
- How MODX Works
- Working with MODX resources and Elements
- Using Git with MODX
- Using common MODX add-on components like SPForm, Login, getResources, and FormIt
- MODX security Permissions
- Customizing the MODX Manager
- Using Form Customization
- Creating Transport Packages
- MODX and xPDO object methods
- MODX System Events
- Using PHP with MODX
Security Resources at Bob's Guides
My book, MODX: The Official Guide - Digital Edition is now available here. The paper version of the book may still be available from Amazon.
If you have the book and would like to download the code, you can find it here.
If you have the book and would like to see the updates and corrections page, you can find it here.
MODX: The Official Guide is 772 pages long and goes far beyond this web site in explaining beginning and advanced MODX techniques. It includes detailed information on:
Go here for more information about the book.
Thank you for visiting BobsGuides.com
— Bob Ray