Authorization groups

From MyMemberSoftware wiki
Jump to: navigation, search

In MMS - Administration, there is infinite levels of authorization, all with different rights. A typical setup consists of:

The authorization levels are coupled to Joomla groups in the /administrator backend, so that they can have the name and the authotization that the association needs.

Authorizable data elements:

  • Members: Rows in table #__leden
  • Member details: Columns in table #__leden

Permissions (ACL actions):

  • leden.eigen.groepen.beheren: The right to manage members in the same groups the manager belongs to.
  • leden.andere.afdelingen.beheren: The right to manage members in any group (i.e. all members)

Types of members (Joomla! User Groups):

  • Members: Have no management rights whatsoever,
  • Groupadmin: Have the right to perform actions of type leden.eigen.groepen.beheren. This group used to be "afdelingsbestuurder" (group determined by column #__leden.afdeling)
  • Memeber administrators: Have the right to perform actions of type leden.andere.afdelingen.beheren. This used to be "secreatariaat".

Groups in MMS are dynamic. They are determined based on the contents of columns in the member table (#__leden). In the Form Field Manger fields of type "select" and "checkbox" can be configured to serve as group fields.

It is important that every joomla user is in only 1 MMS group (defined in Roles). If users are in multiple MMS groups, the permissions will be random and results will be unpredictable. The solution is to assign members the Role that has the most permissions via MMS.