Revo: Limiting Access to Manager Docs

One of the features that I loved about MODx Evolution (Evo) was how easy it was to customize an end user’s experience. In Evo this was accomplished by manipulating the ManagerManager snippet and the User Permissions system. In Revolution (Revo) these tasks have been consolidated into core functions. The new processes have not always seemed as easy or as intuitive as Evo, but with recent changes to the Form Customization interface and a little direction, it is now much more manageable.

I will not delve into Form Customization in this post, but if you haven’t looked into the recent changes it’s definitely worth investigating. The implementation is much simpler than it was previously and has been greatly improved with recent upgrades.

The Goal

The goal of this post is to explain how set up an end user that can log into the MODx Revolution manager and edit content without seeing specific pages. In this example I have a small site with only a single end user and as the super admin I have documents (XML sitemap, Error page, etc.) in the manager that need to be hidden from my end user. I will walk through how to use the Access Controls and Resource Groups to make this happen.
MODx Admin Screen Shot
Keep in mind that all the action in this process occurs in the Security drop down menu and includes sub-sections: Manage Users, Access Controls and Resource Groups.

Creating A User

We will need to create our user, but let’s first create a User Group. To do this go to Security->Access Controls->User Groups (tab). Select New User Group and name it. In this example it will be called End Users.

Now, go into Security->Manage Users and create a new user. Don’t forget to go into the Access Permissions tab and place the user into the new End Users group.

Create a Resource Group

Next, you will need to create a Resource Group. This will allow you to identify the documents you want hidden by moving them into this Resource Group. To do this go to Security->Resource Groups. Select Create Resource Group and name it (in this example I have named it Admin Only). Once this is done, drag the appropriate resources into this Resource Group to hide them from any member of the End Users group.

Create Access Controls

The rest of our tasks occur in Security->Access Controls.

  1. Go into the Roles tab. Select Create New, name it (mine is Admin Only) and give it an Authority (I used 1).
  2. Now go back to the User Groups tab and right click on the Administrator Resource Group and select Update Group. Go to the Resource Group Access tab and select Add Resource Group. You will want the fields to be as follows:
    • Resource Group: Admin Only
    • Minimum Role: Super User – 0
    • Access Policy: Resource
    • Context: mgr
  3. Don’t forget to hit Save here!
  4. Now go back to the User Groups tab and right click on the End Users Resource Group and select Update Group. Go to the Resource Group Access tab and select Add Resource Group. You will want the fields to be as follows:
    • Resource Group: Admin Only
    • Minimum Role: Admin Only – 1
    • Access Policy: Load Only
    • Context: mgr
  5. Don’t forget to hit Save here!

As always, the MODx forums were a great help in figuring this out. My approach was derived from jusmeig’s solution.

8 Comments. Posted by on Tuesday, January 11, 2011 at 1:11 pm.

Filed under CMS, Development.

  • Olle

    Strange.. Didnt work for me. It actually hides the resources – that i have added to admin only – for me as an admin.

  • http://www.gregorysmart.com Gregory Smart

    I would definitely recommend going over to the forums to help troubleshoot: http://modxcms.com/forums/. Also don’t forget to go to Security->Flush Permissions as you correct your settings. There’s also a lot of helpfulr folks on Twitter, just use the #modx tag.

  • Michael

    on ‘Creating A User’ stage, on Access Permissions tab when placing the user into the new End Users group what role should be assigned? (none,admin,member,?)

  • http://www.gregorysmart.com Gregory Smart

    If I understand your question correctly you will need to have/create a role
    with an Authority of at least 1.

  • Anonymous

    HI Greg.
    Great tuts!
    Can I ask which version of Rev you used for this demo?
    Was it version 2.05 or later with the addition of the Access Policy Templates?

    I’m not getting this to work either, same problem as above with versions 2.06 & 20.7.

  • http://www.gregorysmart.com Gregory Smart

    Thank You.

    I believe that it was 2.0.6-pl. This was posted on 1/11/11 and 2.0.7 was released on 1/14/11. As far as troubleshooting I would probably refer you to the forums. There are lots of folks there 24/7 that are eager to help. You are welcome to post here as well. Either way I would love to have you post your issue and solution here.

  • Michael

    Yeah, thanks, i figured it out.
    I think it’s worth mentioning to create a role (e.g. ‘editor’) with an Authority of at least 1 and only then go to Security->Manage Users and create a new user assigning him to the created role on the created user group.
    Just a suggestion to clarify.

  • Anonymous

    Thanks Christian.
    That was the addition I needed to get things to work.