Access Control Lists

Hi there!
I am trying to figure out how I can protect certain resources from deletion :wink:
My clients are very creative and I need to kind of restrict them a little hehe
I have been trying to create a Resource Group and add the resources to it. But I haven’t managed to set it right yet… Do you know some nice tutorials, maybe? I will look through the documentation again, but I find it hard to get the hang of it.

Best,
Kangeroo

Hi @RandomKangeroo,
You need a deeper understanding of ACLs; the old forum can be very helpful here, e.g. https://forums.modx.com/thread/?thread=73687&page=1

Thanks, I will look through it.

I’m actually having a similar issue to the one in the link you sent.
Did this:

  1. So I created a user-group, called admin, and added client-user as “member” to it.
  2. I then created an access policy called “admin content editor” and gave it rights to delete stuff.
  3. Then in “context access” I gave web and mgr this content editor access policy with a minimal user role of “member”.
  4. Created a resource group called “Admin Editor”
  5. Within the admin user group I changed Resource Group access by adding “Admin Editor” with an access policy of “load, view, list” and min user role of member.

Consequence: The client can delete all he likes (even if a resource is part of resource group “Admin Editor”)
–> When I turn it around (so I change Context Access to policy “load, list, view” and in Resource Group access to “Resource”), then the client cannot remove anything at all.

I guess I’m missing something really easy, right?

Imo, it’s usually easier to apply permissions if you put people with different access needs in different user groups. It makes it a lot simpler to understand and to diagnose problems.

Once the user has been removed from the group you’re in and put in another group, you can change the policy in the ACL entry that lets that group use the Manager.

Duplicate the Administrator policy, and in that duplicate policy, uncheck all the delete_*** permissions. Also uncheck access_permissions (so they can’t change their own security level and yours). Uncheck any other permissions you don’t want them to have.

Then use that policy in the Context Access ACL entry for that user group for the ‘mgr’ context.

That will prevent them from deleting anything anywhere in the Manager without needing resource groups.