Jump to main content Jump to doc navigation

What is a Permission?

A Permission in Revolution is a single access control that allows or denies execution of a single task. You can think of a permission as a checkbox: can a user perform an action or not?

An example Permission is "content_types" - if a user's Policy does not contain this Permission, then the user will not be able to perform that action. In this case, the user can not view the Content Types page.

Normally you don't deal with permissions individually, but in groups called Access Policies. An Access Policy is a list of individual permissions (also called an Access Control List or ACL). For example, if you need to grant users the permissions necessary to edit content in the manager, you can assign them to use the "Content Editor" policy.

MODX permissions are always additive: if a permission exists on "Access Policy A" and not on "Access Policy B" and you add both policies to a user, the effective policy is a collection of all the permissions defined in both policies. Adding more policies will never remove permissions for a user. For example, if you add a limited "Load Only" policy to an administrator user, the administrator user will still be able to do all the things defined in the Administrator policy.

Usage

In practice, Access Policies are associated with User Groups (not with individual users). Access Policies are associated with a User Group, and users may be added to the group.

Access Policies (ACLs) define lists of permissions (see Menu --> Access Controls). These lists contain groups of permissions that belong together.

  1. Permissions - Administrator Policy
  2. Permissions - Resource Policy

See Also

  1. Users
  2. User Groups
  3. Resource Groups
  4. Roles
  5. Policies
    1. Permissions
      1. Permissions - Administrator Policy
      2. Permissions - Resource Policy
    2. ACLs
    3. PolicyTemplates
  6. Security Tutorials
    1. Giving a User Manager Access
    2. Making Member-Only Pages
    3. Creating a Second Super Admin User
    4. Restricting an Element from Users
    5. More on the Anonymous User Group
  7. Hardening MODX Revolution
  8. Troubleshooting Security
    1. Resetting a User Password Manually

There are also "Policy Templates" -- these help organize the lists of permission in the Access Policies. An Access Policy is a list of checkboxes, the Policy Templates define which checkboxes are available for an Access Policy. Because the full list of permissions may be quite long, it's not efficient to define Access Policies while having to wade through hundreds of checkboxes. Policy Templates allow you to narrow down the options available to an Access Policy.

Support the team building MODX with a monthly donation.

The budget raised through OpenCollective is transparent, including payouts, and any contributor can apply to be paid for their work on MODX.

Backers

  • modmore
  • STERC
  • Jens Wittmann – Gestaltung & Entwicklung
  • Fabian Christen
  • Digital Penguin
  • Dannevang Digital
  • Sepia River Studios
  • CrewMark
  • Chris Fickling
  • deJaya
  • Following Sea
  • Anton Tarasov
  • eydolan
  • Raffy
  • Lefthandmedia
  • Murray Wood
  • Snow Creative
  • Nick Clark
  • Helen
  • JT Skaggs
  • krisznet
  • YJ
  • Yanni
  • Richard

Budget

$366 per month—let's make that $500!

Learn more