Jump to main content Jump to doc navigation

What is a Permission?

A Permission in Revolution is a single access control that allows or denies execution of a single task. You can think of a permission as a checkbox: can a user perform an action or not?

An example Permission is "content_types" - if a user's Policy does not contain this Permission, then the user will not be able to perform that action. In this case, the user can not view the Content Types page.

Normally you don't deal with permissions individually, but in groups called Access Policies. An Access Policy is a list of individual permissions (also called an Access Control List or ACL). For example, if you need to grant users the permissions necessary to edit content in the manager, you can assign them to use the "Content Editor" policy.

MODX permissions are always additive: if a permission exists on "Access Policy A" and not on "Access Policy B" and you add both policies to a user, the effective policy is a collection of all the permissions defined in both policies. Adding more policies will never remove permissions for a user. For example, if you add a limited "Load Only" policy to an administrator user, the administrator user will still be able to do all the things defined in the Administrator policy.

Usage

In practice, Access Policies are associated with User Groups (not with individual users). Access Policies are associated with a User Group, and users may be added to the group.

Access Policies (ACLs) define lists of permissions (see Security --> Access Controls). These lists contain groups of permissions that belong together.

  1. Permissions - Administrator Policy
  2. Permissions - Resource Policy

See Also

  1. Users
  2. User Groups
  3. Resource Groups
  4. Roles
  5. Policies
  6. Permissions
    1. Permissions - Administrator Policy
    2. Permissions - Resource Policy
  7. ACLs
  8. PolicyTemplates
  9. Security Tutorials
  10. Giving a User Manager Access
  11. Making Member-Only Pages
  12. Creating a Second Super Admin User
  13. Restricting an Element from Users
  14. More on the Anonymous User Group
  15. Hardening MODX Revolution
  16. Security Standards
  17. Troubleshooting Security
  18. Resetting a User Password Manually

There are also "Policy Templates" -- these help organize the lists of permission in the Access Policies. An Access Policy is a list of checkboxes, the Policy Templates define which checkboxes are available for an Access Policy. Because the full list of permissions may be quite long, it's not efficient to define Access Policies while having to wade through hundreds of checkboxes. Policy Templates allow you to narrow down the options available to an Access Policy.