Creating a New User Group
At present, there is no way in MODX Revolution to apply security restrictions to individual users. All security restrictions apply to user groups, so restricting a user means that you have to create a user group, add the user to it, and create security permissions for that user group.
Here are the steps for creating a new User Group:
- Go to Security | Access Controls
- Click on the "User Groups" tab if it is not the current tab
- Click on the "New User Group" button
- Enter a name and description for the User Group
- Select a Manager Policy for the User Group
- (optional) Add users to the User Group
- (optional) Connect Resource Groups to the User Group
- (optional) Element Categories to the User Group
- Click on the Save button in the dialog
The bottom section of the form described above is a "Wizard" that lets you perform multiple actions at once. Personally, I don't like filling in the optional fields in the list above because you have to type them rather than selecting them and it's easy to get them wrong.
You *do* need to select a Manager Policy, but I don't know why since it's not necessary for the creation of the User Group.
For the purposes of these tutorials, it's recommended that you select "(no policy)" for the Manager Policy. When you select a Manager Policy other than "(no policy)", in addition to creating the User Group, the Wizard will also create a Context Group Access ACL entry for the 'mgr' context specifying the User Group. In following the tutorials here, you'll create that ACL entry yourself (if you need it at all) and will have a better understanding of where it came from and what it does.
Although you can assign a Role for each user later, it will save you time and trouble if you create a Role for your users before adding them to the group.
To add users to the User Group:
- Right-click on the User Group
- Select "Add User to Group"
- Select the user and (optionally) the user's Role using the drop-down menu
- Click on the "Save" button in the dialog.
Tip: It's a *very* good practice to add the admin Super user to every User Group you create with a Role of admin Super User. That way you won't end up accidentally hiding resources from the admin when you implement security restrictions.
Security Resources at Bob's Guides
My book, MODX: The Official Guide - Digital Edition is now available here. The paper version of the book may still be available from Amazon.
If you have the book and would like to download the code, you can find it here.
If you have the book and would like to see the updates and corrections page, you can find it here.
MODX: The Official Guide is 772 pages long and goes far beyond this web site in explaining beginning and advanced MODX techniques. It includes detailed information on:
- Installing MODX
- How MODX Works
- Working with MODX resources and Elements
- Using Git with MODX
- Using common MODX add-on components like SPForm, Login, getResources, and FormIt
- MODX security Permissions
- Customizing the MODX Manager
- Using Form Customization
- Creating Transport Packages
- MODX and xPDO object methods
- MODX System Events
- Using PHP with MODX
Go here for more information about the book.
Thank you for visiting BobsGuides.com
— Bob Ray