Understanding Joomla 6 Access Control Levels (ACL)

Written by: Thanh Le | 14 October 2025 | Hits: 14
3 min read
Understanding Joomla 6 Access Control Levels (ACL)

Joomla’s Access Control Levels (ACL) system is what makes it one of the most flexible CMS platforms available. It lets you control exactly who can view, edit, or manage specific parts of your website. In Joomla 6, the ACL system has been refined to be even more powerful and easier to use.

1. What Is ACL in Joomla?

ACL (Access Control List) determines what actions users are allowed to perform and which parts of the site they can access. It’s built around three key elements:

  • User Groups – define roles, such as Registered, Author, Editor, or Administrator.
  • Access Levels – control which groups can view certain content.
  • Permissions – specify what actions each group can perform (like edit, delete, or publish).

2. Default Joomla 6 User Groups and Permissions

Here’s how the main user groups work in Joomla 6:

  • Public: Anyone can access public content.
  • Registered: Logged-in users can access private content.
  • Author: Can create articles but not publish them.
  • Editor: Can edit existing content from any user.
  • Publisher: Can create, edit, and publish articles.
  • Manager: Can manage content and limited backend functions.
  • Administrator: Has access to all backend features except Global Config.
  • Super User: Full permissions — can do anything.

3. Viewing Access Levels

Access Levels determine who can view what on your site. To view or manage them:

  • Go to Users → Access Levels.
  • You’ll see three default levels: Public, Registered, and Special.
  • Each access level can include one or more user groups.

For example:

  • Public: visible to everyone.
  • Registered: visible only to logged-in users.
  • Special: visible to Editors, Publishers, and higher.

4. Creating a Custom Access Level

If you need finer control, you can create your own access level:

  • Go to Users → Access Levels → New.
  • Enter a name, such as “Members Only”.
  • Check the boxes for the user groups that should have this access.
  • Click Save & Close.

You can now assign this access level to specific articles, categories, or menu items.

5. Setting Permissions for User Groups

Permissions define what actions each group can perform — like create, edit, delete, or configure.

  • Go to System → Global Configuration.
  • Select the Permissions tab.
  • Choose a group from the left panel (e.g. Author, Editor).
  • Adjust the permissions as needed and click Save.

You can also set permissions at category or component level, allowing granular control. For instance, you can let Authors edit only one specific category.

6. Example Use Case

Let’s say you want to allow Editors to manage News articles, but not other sections:

  • Create a new category called “News”.
  • Go to that category’s Permissions tab.
  • Under Editor, set Edit and Edit State to “Allowed”.
  • Click Save.

Now, Editors can manage only the News category — not the rest of your site.

7. Tips for Beginners

  • Start simple — use default groups until you fully understand ACL behavior.
  • Always test your permissions using a test account before going live.
  • Keep Super User access limited to trusted administrators only.

8. Summary

The Joomla 6 ACL system gives you precise control over who can do what on your website. By combining user groups, access levels, and permissions, you can create a secure and well-organized site structure.

Next, we’ll learn how to organize your content effectively in Creating and Organizing Articles, Categories, and Tags.