I need to realize a protected area for my components admin tools; i would like to use admin login and let the connected users see my admin tools without letting them access Joomla administrator stuff. How can i do it?
As Elin has stated Joomla's ACL will take care off this for you.
The groups and Access Levels are found in Users config area. Once you have set that up, you will need to set the appropriate security access settings in the Global Configuration > Permissions settings. This will allow them in to the Admin area and then for each of the individual components/sections/areas that you DON'T want them to have access to, you will need to make appropriate selections(look for 'Options' in each area). Permissions are inherited and you have given them access to the Admin area in the Permissions settings above, so everything is open until you close them down.
Obvious warnings of testing thoroughly and backing up as you're potentially opening up your system. The ACL can become very confusing very quickly.
Related
In my work we have users who access a Web based tool called Microstrategy that serves different reports from different projects. Users are added to various groups in the Developer tool by importing them from the selected domain they are on into a specific group that gives them access to only the project > report they require. Most users come from one main central domain, some others are still on old domains.
I am currently involved with admin on this system and I am experiencing a problem I cannot get to the bottom of. I think they problem lies in no man's land, I don't know if it is a problem with network, domain, or something else?
Most users will be set up with authenticated login, meaning that when they click on the respective link for their report they are logged straight in using their windows credentials.
In this particular case however the user does not seem to be able to login, but can get in by manually typing their username in (username and password) to access.
I'm not sure what the problem is, why it won't authenticate automatically like most of the others do? I don't know if this makes any difference but when I RDP into the machine I cannot see the C drive due to 'admin restrictions on effect on this pc'.
I don't know what this restriction is and if it is a symptom or related to the login problem. Is there a way of fault finding this?
Thanks
Andrew
The answer to this partly depends on the version of MicroStrategy you are using.
Forget about RDP to the server, you won't need that.
Assuming you have access to edit and change users with the Developer tool, open Developer.
In the tree on the left,
open the "project source" (the top level of the tree)
then Administration
then User Manager
then find the user, most likely within one of the groups you have set up
right click on the user and choose Edit
go to the Authentication section
There's a few relevant things here.
Is the user linked to a windows user? (they should be for the access you want)
Is the tickbox ticked "user cannot use standard authentication to logon"
You probably don't want to allow that if the standard at your workplace is auto login
I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give permission to my client to edit users by placing them in groups he desired. For example: user 1 can be in music and theater group; user 2 just registered (no group) and user 3 in technology group. Unfortunately the only permission that Joomla 3 allows you to edit users is the Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want it to edit.
How can I create an access level that can manage only users list?
Thank you and sorry about my english.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want you client to be administrator, you can assign him to the manager user-group.
Then go into the Users Manager Component and click the Options button to go into its configuration page.
There you can override the Permissions Settings for the Users Manager component, so the Managers users will be allowed to Access Administration Interface of the component.
You will have the change the respective setting from inherit to allowed.
Of course if needed, you can create a complete custom ACL, with special usergroups for your users that will have certain accessibility and permissions.
But be careful, because ACL sometimes can be confusing and you might end up with a total mess.
By default, Magento shows different widget types as options in the backend, such as 'Cms Page Link' and 'Catalog Category Link'. However, I want to provide my client only with the theme's relevant widgets, so I want to be able to remove some widgets, at least as an admin option.
The options for the backend are set via the respective core modules /etc/widget.xml. What is the best way to override this, without a core hack?
Any suggestion would be much appreciated!
#Daco
Magento has features to implement the above. It is achieved with the help of "ROLES" and "USERS" in the system tab of magento admin panel.
Solution
Create a role for your client "client_xyz" by going to
System->Permission->Roles.
Add Resources to the role, these resources are the links that you
would like to restrict the users upon or grant them permissions.
After creating the roles and resources, create a user to be given to the client. The Users can be created under System->Permissions->Users.
Create the users assign the roles that are already created. And now when the users login using this newly created credentials. They will only see what is granted by the Admin.
I need to allow the administrator group to access to System->Global Configuration page.
By Global Configuration page I intend that page that has the Site, System, Server, Permissions, Text and Filters tabs.
I don't see this component anywhere to configure it, so I understand that it is meant only for the Super Users.
So maybe I have to edit administrator/components/com_config. But where and how?
The only way to give that kind of access is to make the users Super Admins under the Users section. You can see a list of the default user groups and their roles here: Changing User Groups
Here is the process to change a user's group:
Log into the Administrator Back-end via the sitename/administrator URL.
Click on Site, then User Manager
Click on the check box next to the user you want to change, then click Edit in the top right corner.
In the User Details section, change the user's group.
Click Save.
Currently, it appears that Joomla has an opt-in 2FA implementation.
Is it possible to force our users to use 2FA login?
Two factor authentication is typically used for Administrators and up. Setting it up can be tricky (the user needs to download and initialize the google app), so each user should do it individually.
Since you're creating the users (you need a Super User to add new users) you could create a new user group with access only to com_users, so they may set up two-factor authentication; then once they do manually move them to a higher group which will give them full access to the administrator.
You will also need to create a template override so the admin users won't be able to change the two factor authentication preferences.