Security
Security in Joomla
We advise you to configure a strong password requirement in Joomla: minimum 6 characters, and 1 special character. The /administrator/ path should sit behind an additional access prompt (login pop-up), set up with Apache or nginx functionality. Use fail2ban to deny an IP address access when more than 5 incorrect username / password combinations have been tried.
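The blocking rule above, worked through as an added example (not code from My Member Software or fail2ban). It assumes the access prompt is nginx HTTP basic authentication on /administrator/, that failures appear in the nginx error log in the shape shown, and a 10-minute counting window that the page does not specify. The sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: nginx error-log line written when basic auth fails.
AUTH_FAIL = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'user "[^"]*"(?:: password mismatch| was not found in "[^"]*")'
    r', client: (?P<ip>[0-9a-fA-F.:]+),.*request: "\w+ /administrator/'
)
MAX_FAILURES = 5                    # page's rule: deny on MORE than 5 failures
FIND_TIME = timedelta(minutes=10)   # assumption: window is not given on the page

def ips_to_ban(lines, max_failures=MAX_FAILURES, find_time=FIND_TIME):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)     # ip -> failure timestamps inside the window
    banned = {}
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m or m["ip"] in banned:
            continue                # not an /administrator/ auth failure, or already denied
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # forget failures older than the window
            window.popleft()
        if len(window) > max_failures:
            banned[m["ip"]] = ts
    return banned

def sample_line(ts, ip, user="admin", uri="/administrator/index.php"):
    # Constructed sample line (documentation IP ranges, placeholder host name).
    return (f'{ts} [error] 1234#1234: *7 user "{user}": password mismatch, '
            f'client: {ip}, server: example.org, request: "POST {uri} HTTP/1.1", '
            'host: "example.org"')

SAMPLE_LOG = (
    [sample_line(f"2024/05/01 10:00:{s:02d}", "203.0.113.7") for s in range(0, 12, 2)]  # 6 in 10 s
    + [sample_line(f"2024/05/01 1{h}:00:00", "198.51.100.9") for h in range(6)]         # 6, hours apart
    + [sample_line("2024/05/01 10:05:00", "192.0.2.4")] * 5                             # exactly 5
)

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE_LOG).items():
        print(f"deny {ip} (threshold crossed at {when})")
```

Only the first address is denied: six failures spread over hours never share a window, and exactly five failures do not exceed the limit. fail2ban expresses the same policy through a jail's `maxretry` and `findtime` settings.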
Typical Roles for My Member Software
Applicant
An applicant is someone who wants to register for membership. In most cases this person does not have an existing Joomla account, is therefore not logged in, and acts under the Joomla user group Guest.
Make sure you set up a form for this user group.
In order for an applicant to register, it needs some ACL authorisation too.
- Right to change password
Member
Board
Administrator
Formerly Predefined Roles
(* done): ported to the ACL system
Roles and their access are now dynamically created during setup.
Admin
User does not have to have an MMA profile.
- Can do nothing?
(could update role secretary but nothing more, but it might have disappeared in the course of time)
Aspirant
- person that has a Joomla profile and filled in a registration form which has not been approved
- Has no further rights
Afdelingsbestuur (department board)
User does not have to have an MMA profile.
- Has the right to update his MMA Profile.
- Has the right to update profiles of MMA members in the same department
- Has the right to run reports of MMA members in the same department (* done)
- Does not have the right to export financial fields in reports (* done)
- Does have the right to validate/activate the mandate of other members (* done)
- Does have the right to decline the mandate
- Access to Ideal gateway
Secretariaat (secretariat)
A person with a Joomla account; does not need to have an MMA Profile
- has access to decline the mandate of other members (* done)
- has access to approve the mandate of other members (* done)
- has access to view the mandate of other members (* done)
- has access to send the mandate of other members by email (* done)
- has access to save MMA Profile even when not all required fields are entered (* done)
- has access to view invoices (* done)
- has access to create a credit note (* done)
- has access to Ideal gateway (* done)
- has access to assign all payment methods, even disabled ones (* done)
- has access to events
Controleur (auditor)
A person with a Joomla account; does not need to have an MMA Profile
- has access to view all members data
- has access to view invoices of all members
Lid (member)
A member does not need a Joomla account to be a member. He does need a Joomla account in order to maintain his own profile.
User needs to have an MMA Profile
- has access to update his MMA Profile.
- has access to Ideal gateway
- has access to view his invoices
- has access to events
Gepensioneerd (retired; deprecated)
Secretariaat HRM (deprecated)
ACL access actions already in MMA
Title | Description |
---|---|
Access : Member Administration Overview | Provides access to the administration view |
Access : Edit member profile | Provides access to edit a member |
Access : Overview new members | Provides access to view newly applied members |
Access : Administrate my data | Provides access to edit your own profile |
Access : Create new member | Provides access to create a new member |
Access : Dashboard key figures | Provides access to the key figures reporting page |
Access : Contribution | Provides access to the key contribution reporting page |
Access : Send contribution notifications | Provides access to the send contributions page |
Access : Export memberdata | |
Access : Export active member data | |
Access : Labels new members | |
Access : Labels terminated members | |
Access : Labels deceased members | |
Access : Labels per department | |
Access : Labels birthdays | |
Access : Labels clubcard | |
Access : Labels non email | |
Access : Overview membership fees | |
Access : Report mandates | |
Allows a person to activate a mandate | |
Allows person to deactivate a mandate | |
Send mandate PDFs by email | |
Access : to download mandate pdf | |
Editing : Create credit invoices | |
Right to view invoices | |
Right to mark invoices as paid | |
Allow setting all payment methods | |
Right to perform iDeal payments (requires jdidealgateway component) | |
Right to export financial data | |
Save : Saving member data | |
Save : Save incomplete member data | |
Delete : deleting of images | |
The right to manage other groups | |
The right to manage same groups | |
Change rights of other members | |