Joomla's Access Control List (ACL) system is one of the most powerful in any CMS. It separates User Groups (who the user is) from Viewing Access Levels (what they can see) from Permissions (what actions they can perform). These three layers combine to give very precise control over every aspect of the site.
User Groups
Go to Admin → Users → Groups. The default hierarchy:
| Group | Default capabilities |
|---|---|
| Public | All unauthenticated visitors — view public content only |
| Guest | Same as Public with specific guest-only module visibility |
| Registered | Logged-in users — view restricted content |
| Author | Create and edit own articles |
| Editor | Create and edit all articles |
| Publisher | Create, edit, and publish all articles |
| Manager | Full admin access except global config and user management |
| Administrator | Full admin access except super user actions |
| Super Users | Unrestricted access to everything |
Viewing Access Levels
Go to Admin → Users → Access Levels. An access level is a named set of user groups. Assign an access level to any article, category, module, menu item, or extension to restrict visibility to those groups.
Default levels: Public, Guest, Registered, Special, Super Users. Create custom levels (e.g. "Members", "Premium") for fine-grained control.
Permissions
Permissions control actions (not visibility). Configured at four levels, each inheriting from above:
- Global Configuration — site-wide defaults
- Component — per component (e.g. com_content)
- Category — per category within a component
- Item — per individual article or contact
Key actions: core.create, core.delete, core.edit, core.edit.own, core.edit.state.
Managing Users
Go to Admin → Users → Users to search, filter, block, unblock, delete, and reassign group membership. Click a username to edit the account directly.