Access users only resources MODX 3

Hi, all

I only need to allow access to some feature pages like editing and deleting in MODX 3. I followed some MODX 2 tutorials, but when I login it denies access. Any suggestion?

I’m not aware of any changes to the permissions in MODX 3.

Is this in the manager or on the front-end?

Can you describe exactly what you have done?

For manager:

Steps:

  1. context>resources group>create resource group> drag resources
  2. access control lists>create resource group[context:mgr]>
  3. edit user group>access permissions> contexts>add context[mgr, super user, [load, list,view]]> users> add user group> user:xxx role:member

So you are trying to log in as the user xxx into the manager, but you get a “Access denied.” message?
Is that the problem?

Do you mean “user group”?

Why do you use “Super User” as the role here, but then add user xxx to the group with the role “member”?

“Load, List and View” seems to be the wrong access policy to access the manager. Try creating a new one based on “Content Editor”. You need at least the frames permission to access the manager.

Hi, @halftrainedharry! thanks for sharing support

i change super user to > member and set as < content editor > access working fine but no appear tree resources.

I believe you need basic context permissions (load, list) to the context the resources are in (probably “web”) to see them in the resource-tree.

What is the end goal here? A user can’t see a selection of resources? A user can only see a selection of resources?

A user can only see certain resources.

I could be wrong, but I believe the only way to do this, is to put all the resources the user shouldn’t have access to, into a resource group.
(Which can be cumbersome if you are going to constantly add new resources. Maybe you could use the extra DefaultResourceGroup for this.)

Maybe also read the chapter “Limiting Manager Users to a Subset of Resources using User and Resource Groups” on the page Bob's Guides | Hiding Resources in the Manager.

Halftrainedharry is correct. The only easy way to hide resources is to put them in a resource group that’s connected to a user group that the user is not a member of.

In theory, you can also hide them by by making sure the user doesn’t have the authority level in the group that would let them see the resources, but imo it’s a lot easier and more reliable to just have separate user groups for separate access to resources.

In other words, put all resources on the site in a resource group that’s connected to the Administrator group. Then put the limited users in a different user group, put the limited resources in a different resource group and give that limited group access to the resource group containing the limited resources.

Be sure to add yourself (and any other admins) to the limited user group, otherwise you may end up hiding the resources from yourself.

Further to this you’ll also want to use a plugin that automatically puts new resources in the user group of the parent. Otherwise, you’ll create new resources that are either exposed to everyone or nobody.

Thanks @halftrainedharry @bobray @smashingred for considerations.
Let’s go to a simpler way of understanding, create a user to view only the resources of the tree, I confess that for years using MODX my understanding of this is still not so clear. I’ve already used the web user management and I didn’t find it that complicated. But anyway, I’m going to research more about it to understand it in practice.

@rocaoliveira I get your goal here: create a user to view only the resource of the tree. This seems like it should be straightforward but there are a number of facets that actually control this.

  • At the foundation, will be your Access Policy
  • Then User Group
    • User Group Access and Settings
  • Then Resource Groups
    • Resource Group Assignment
    • Resource Group Plugin
  • Then Manager Customization if you want to not display fields on the views.

I have a working demo of this in MODX Cloud I can do a screencast to give you a fairly quick walkthrough to get a sense of what’s needed. It isn’t hard but it is tedious and fussy. I feel I understand it at about an 85%, but well enough to make it work.

This is not to say you will need all the components as much as it will give you some ideas of what you can do.

Speaking of videos … :wink:

Here’s a ~50 minute video of me explaining the MODX Security Permissions system from the inside out.

@smashingred It would be very good to understand this didactic and visual way (video) because I intend to apply and teach new MODX 3 enthusiasts in the future. Let me know when I can make this material available.