This can turn really complex and painful if you want more than the base permissions and if you want to play with resource groups. If you just want to do it with base plain permissions, this should be easy.
It is possible to have users that can only access to Fred without Manager access, and also have access to the manager, limiting the user to a set of menus or options, but this requires a lot of work and testing (customization).
You can achieve this by using Access Control lists.
Steps for a simple example:
You will need to create a new user group where you will add those new users, and then, edit it (right click over it);
then you need to ensure on your Conext Access that you link “Web” with Fred Editor role in order to allow them to edit in the frontend. If you want that same user group to be able to access manager for content editing, assign the “mgr” contect and assign “Content Editor”.
This way you will be able to have a specific group for fred editing and manager access for content editing.
If you need more, privileges than those that I suggested, you can assign a different access policy option or duplicate the one that you want as base template and edit it as per your needs (this can be done on the Access Control Lists, under “Access Policies” menu).
Your permissions on the minimum role need to be set for the role you created, setting an authority of 9000 (as an example).
And you are missing the login plugin on your website
You will not be able to login on to manager because you don’t have the mgr key assigned to the user.
So you will only be able to achieve what you expect by installing Login extra and perform a simple integration with the frontend.
On the “Clear Cache”, “Flush Your Permissions”, and then “Logout all users” (if you are on dev environment);
When going to the frontend, and after login, if login is successfull, you should see fred editor plugin. If you don’t see anything, try to go to the homepage again (reload it), as you might have not configured login extra to redirect you to the home page possibly.
Tested this now on my local dev environment using clean install of Mox 2.7.3 with Latest fred and Fred Base Demo Template, and latest login extra.
Ah, that was it! I had done everything exactly as you described, but in your screenshot of Step 6 I noticed you also have another context permission – “web” with minimum role Member 9999 and access policy Context. That’s what was missing!
Seems to be working now Many thanks for your patience!