Jump to main content Jump to doc navigation

What is a Role?

A role is a position or status held within a certain situation. In MODx, it can be used to group Users into a position or status within a User Group, e.g. "Editor" or "Front-end Read Only".

Roles in MODx use an integer value called "Authority". Lower numbers represent a stronger authority. E.g. a Role with Authority 10 will inherit any and all Group Policies assigned to itself and to any roles defined with Authority 11, but a user Role with Authority 11 does NOT inherit any of the Group Policies from Role 10.

Be sure you clarify your language when talking about Authority because this inverse relationship can lead to some confusing sentences.

It helps to think of "Authority" as ordinal numbers: first, second, third, etc. Authority=1 is the first authority and trumps Authority=2 (i.e. the second authority).

You should generally avoid duplicate authority numbers.

Usage

One common example is to create Roles that mimic a basic employee position structure. Let's say we create the following Roles and Authority levels:

  • Administrator - 0
  • Director - 1
  • Coordinator - 2
  • Supervisor - 3
  • Employee - 9999

We can then create a User Group called "HR Department". Within that User Group, we'll assign Users to those Roles (you can have multiple Users per Role, as well).

Now, let's say John has a Role of Coordinator. Mark has a Role of Supervisor. We're going to give Mark's "HR Deparment" User Group an Access Policy (which is a set of Permissions) called "AccountPolicy" that has the following Access Permissions in it:

  • view_accounts
  • save_accounts

We've assigned this Policy to the "web" context for our User Group "HR Department". We then set its Minimum Role value to "Supervisor":

This means that Mark has these Permissions, since he's in the User Group, and has at least the Role of "Supervisor" (which is the Role he has, specifically).

But this also means that John has these Permissions as well, since he is a "Coordinator" which has a stronger Authority level than "Supervisor". So, John as Coordinator has "inherited" the Permissions than Mark had as Supervisor.

See Also

  1. Users
  2. User Groups
  3. Resource Groups
  4. Roles
  5. Policies
  6. Permissions
    1. Permissions - Administrator Policy
    2. Permissions - Resource Policy
  7. ACLs
  8. PolicyTemplates
  9. Security Tutorials
  10. Giving a User Manager Access
  11. Making Member-Only Pages
  12. Creating a Second Super Admin User
  13. Restricting an Element from Users
  14. More on the Anonymous User Group
  15. Hardening MODX Revolution
  16. Security Standards
  17. Troubleshooting Security
  18. Resetting a User Password Manually