|
| 1 | +:navigation-title: Groups |
| 2 | + |
| 3 | +.. include:: /Includes.rst.txt |
| 4 | +.. _backend-users-groups: |
| 5 | + |
| 6 | +========================= |
| 7 | +TYPO3 backend user groups |
| 8 | +========================= |
| 9 | + |
| 10 | +All backend users without `administrator <https://docs.typo3.org/permalink/t3start:backend-users-admin>`_ |
| 11 | +privileges should belong to at least one user group, which is used to grant |
| 12 | +backend permissions. |
| 13 | + |
| 14 | +.. contents:: Table of content |
| 15 | + |
| 16 | +.. _backend-users-groups-quick: |
| 17 | + |
| 18 | +Quick start: Auto-create backend user groups for editors |
| 19 | +======================================================== |
| 20 | + |
| 21 | +Manually creating backend user groups in TYPO3 is quite a complex task. We |
| 22 | +therefore suggest to start with the two automatically created groups "Editor" |
| 23 | +and "Advanced Editor" and adjust them to your needs. |
| 24 | + |
| 25 | +These two user groups can be auto-created by the following TYPO3 console command: |
| 26 | + |
| 27 | +.. tabs:: |
| 28 | + |
| 29 | + .. group-tab:: DDEV |
| 30 | + |
| 31 | + .. code-block:: bash |
| 32 | +
|
| 33 | + ddev typo3 setup:begroups:default -g Both |
| 34 | +
|
| 35 | + .. group-tab:: On server |
| 36 | + |
| 37 | + .. code-block:: bash |
| 38 | +
|
| 39 | + vendor/bin/typo3 setup:begroups:default -g Both |
| 40 | +
|
| 41 | +There is, as of date now, a way to create these groups using the backend or install |
| 42 | +tool API (See open issue https://forge.typo3.org/issues/106098 ). |
| 43 | + |
| 44 | +The `TYPO3 Editors Guide <https://docs.typo3.org/permalink/t3editors:start>`_ |
| 45 | +expects that your user belongs to one of these two groups, with some additions. |
| 46 | + |
| 47 | +.. _backend-users-groups-upload: |
| 48 | + |
| 49 | +Grant access to the user_upload folder (file mounts) |
| 50 | +==================================================== |
| 51 | + |
| 52 | +The :ref:`automatically created user groups <backend-users-groups-quick>` from |
| 53 | +the previous step have access to the :guilabel:`Filelist` module, however, as |
| 54 | +file mount is created automatically, they will only see an error message: |
| 55 | + |
| 56 | +.. figure:: /Images/ManualScreenshots/BackendUser/MissingFolderPermissions.png |
| 57 | + :alt: Error message: Missing folder permissions. You have no access to the folder "1:/user_upload/". |
| 58 | + |
| 59 | + Error message when a user with the auto-generated groups opens the Filelist module |
| 60 | + |
| 61 | +Unless your users or their groups have at least one file mount they will not be |
| 62 | +able to upload files including images. |
| 63 | + |
| 64 | +To create a file mount, go to the backend module :guilabel:`File > Filelist` |
| 65 | +then choose the folder in which you want to create a file mount. |
| 66 | + |
| 67 | +Right click on the folder in the directory tree and choose "New Filemount" |
| 68 | +from the context menu: |
| 69 | + |
| 70 | +.. figure:: /Images/ManualScreenshots/BackendUser/CreateNewFilemount.png |
| 71 | + :alt: New filemount option in the dropdown of a folder in the Filelist module in the TYPO3 backend |
| 72 | + |
| 73 | + Create a new filemount, give a name to it and save it |
| 74 | + |
| 75 | +Then go to the module :guilabel:`System > Backend Users`, choose "Backend user |
| 76 | +groups" from the dropdown in the module header and edit the group of your users. |
| 77 | + |
| 78 | +In tab "Mounts and Workspaces", select field "File Mounts", choose the newly |
| 79 | +created file mount on the right to add it to the left side. After saving, |
| 80 | +backend users belonging to that group should be able to upload files. |
| 81 | + |
| 82 | +.. _backend-users-groups-manual: |
| 83 | + |
| 84 | +Manually setting up backend user permissions |
| 85 | +============================================ |
| 86 | + |
| 87 | +If you are interested in how to manually create or update a backend user group |
| 88 | +in the Backend User module, refer to |
| 89 | +`Setting up User Permissions <https://docs.typo3.org/permalink/t3coreapi:setting-up-user-permissions>`_. |
| 90 | + |
| 91 | +.. note:: |
| 92 | + Incomplete backend permissions can lead to strange behaviour and |
| 93 | + exceptions in the backend. Simulate a backend user and test their permissions |
| 94 | + thoroughly. |
| 95 | + |
| 96 | +.. _backend-users-groups-page-permission: |
| 97 | + |
| 98 | +Backend user groups and page permissions |
| 99 | +======================================== |
| 100 | + |
| 101 | +Similar to a UNIX file system where each file belongs to exactly one user and |
| 102 | +group, each page in the page tree also belongs to one user (usually the one who |
| 103 | +created it) and one group (the first group of that user). |
| 104 | + |
| 105 | +This can lead to problems because administrators often do not belong to a user group |
| 106 | +and then the created pages will also not belong to a group. |
| 107 | + |
| 108 | +This leads to the situation that even though your editor has the right to see |
| 109 | +the page tree "Backend user group > Mounts and Workspaces > DB Mounts" and they |
| 110 | +have the other necessary permissions, they still cannot see any pages because the |
| 111 | +root page was created by an administrator and does not belong to a group. |
| 112 | + |
| 113 | +You can fix such page permissions recursively in the module :guilabel:`System > |
| 114 | +Permissions`. |
| 115 | + |
| 116 | +.. figure:: /Images/ManualScreenshots/BackendUser/PermissionsModule.png |
| 117 | + :alt: The page permissions module in the TYPO3 backend. |
| 118 | + |
| 119 | +You can then fix the permissions recursively. It is recommended to have a group |
| 120 | +to which all editors belong. You can also assign this group to your |
| 121 | +administrators. The backend permissions have no effect on the administrators and |
| 122 | +all pages created by that administrator will also be visible and editable for |
| 123 | +other backend editors. |
| 124 | + |
| 125 | +If an administrator creates a page that must not be changed by an editor, they |
| 126 | +can choose the option "Restrict editing by non-Admins" (editlock) from the |
| 127 | +Access tab in the page properties. |
| 128 | + |
| 129 | +It is also possible to set default values for owner, group and permissions via |
| 130 | +page TSconfig. See `page TSconfig, permissions <https://docs.typo3.org/permalink/t3tsref:pagetcemain-permissions-user-group>`_. |
| 131 | + |
| 132 | +.. seealso:: |
| 133 | + |
| 134 | + * `TYPO3 Explained, Page permissions <https://docs.typo3.org/permalink/t3coreapi:page-permissions>`_ |
| 135 | + |
| 136 | +.. _backend-users-technical: |
| 137 | + |
| 138 | +Technical details |
| 139 | +================= |
| 140 | + |
| 141 | +Backend user groups and their permissions are stored in the database table |
| 142 | +:sql:`be_groups`. At the time of writing there are no official solutions for |
| 143 | +deployable backend user rights. You can, however, use the export / import module |
| 144 | +to export and import backend user groups. |
| 145 | + |
| 146 | +Backend user groups are database records that are stored on the virtual root |
| 147 | +page (uid=0). They can therefore also be viewed and edited in the list module. |
| 148 | + |
| 149 | +Backend user groups can inherit from one or several other user groups. In such |
| 150 | +a setting it is possible to grant additional permissions of the parent user |
| 151 | +group. It is, however, not possible to reduce the permissions of the parent user |
| 152 | +group. |
0 commit comments