Authorization groups

From MyMemberSoftware wiki

In MMS - Administration, there is an unlimited number of authorization levels, each with different rights. A basic setup consists of:

The authorization levels are mapped to Joomla groups in the /administrator backend, so that they can have the name and the authorization that the association needs.

In the frontend, the following groups are not shown, because they are considered "system groups":

  • the guest group (not logged in)
  • the Joomla default group after registration
  • the MMS default group after application.

Types of member admins:

  • Member Administrator: the most extensive rights on all members and all their data;
  • Board: the right to view member data;
  • Groupadmin: the right to manage members in the same group (value in group field). Every member can be part of multiple groups;
  • Parents and children: the right to perform certain actions on their children. This feature is not just for families, but is also usable for companies with employees, sponsors with multiple contact persons, federations with clubs, and in general when an extra layer of organization is needed between groups and members.

Groups in MMS are dynamic. Each group can be given different permissions and fields on the data.

It is important that every Joomla user is in only 1 MMS group (defined in Roles) at any given time. If a user is in multiple MMS groups, the permissions will be random and the results will be unpredictable. The solution is to assign members the Role that has the most permissions via MMS.

The superuser (superadmin) is a special class that by default has all the permissions on the MMS functions (from options -> permissions) and the menu items. However, if this superadmin group isn't mapped to a Role, the fields cannot be shown in MMS. The result is "Incorrectly set columns in members overview", which means that this group has no permissions on the fields to be shown in the overview. The solution is to assign the member administrator to the superadmin.
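The following audit is an added example, not part of MMS or this wiki. It checks the two misconfigurations described above (a user in more than one Role-mapped group, and a superuser group with no Role) over rows shaped like Joomla's #__user_usergroup_map table. The function name, the role_by_group mapping and all sample ids are assumptions constructed for illustration.

```python
from collections import defaultdict


def audit_mms_groups(user_group_rows, role_by_group, superuser_group_id):
    """Return findings for the two misconfigurations described above.

    user_group_rows    -- (user_id, group_id) pairs, the shape of Joomla's
                          #__user_usergroup_map table
    role_by_group      -- {joomla_group_id: mms_role_name}; how MMS stores
                          this mapping is not shown on the page, so it is
                          passed in by the caller (assumption)
    superuser_group_id -- id of the Joomla superuser group on this site
    """
    mms_groups_of = defaultdict(set)
    for user_id, group_id in user_group_rows:
        # Only groups mapped to an MMS Role count; plain Joomla groups
        # such as the default group after registration are ignored.
        if group_id in role_by_group:
            mms_groups_of[user_id].add(group_id)

    return {
        # Users in more than one Role-mapped group get unpredictable permissions.
        "multi_role_users": {
            uid: sorted(role_by_group[g] for g in groups)
            for uid, groups in sorted(mms_groups_of.items())
            if len(groups) > 1
        },
        # An unmapped superuser group leads to the
        # "Incorrectly set columns in members overview" message.
        "superuser_unmapped": superuser_group_id not in role_by_group,
    }


# Constructed sample data: ids and role assignments are illustrative only.
SAMPLE_ROWS = [(42, 2), (42, 10), (43, 10), (43, 11), (44, 8), (45, 11), (45, 11)]
SAMPLE_ROLES = {10: "Member Administrator", 11: "Board", 12: "Groupadmin"}

if __name__ == "__main__":
    report = audit_mms_groups(SAMPLE_ROWS, SAMPLE_ROLES, superuser_group_id=8)
    for uid, roles in report["multi_role_users"].items():
        print(f"user {uid} is in several MMS groups: {', '.join(roles)}")
    if report["superuser_unmapped"]:
        print("superuser group is not mapped to a Role")
```

Running it after every change to group membership or Role mapping catches both conditions before a user sees inconsistent permissions.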

Authorizable data elements:

  • Members: Rows in table #__leden
  • Member details: Columns in table #__leden

Permissions (ACL actions):

  • leden.eigen.groepen.beheren: The right to manage members in the same groups the manager belongs to.
  • leden.andere.afdelingen.beheren: The right to manage members in any group (i.e. all members).