The next major release of the Joomla web content management system will be Joomla v1.6 (news, site). This version has been in the works for some time, and was released as a public alpha version earlier this year.
The most significant changes for this release are the new advanced security and permissions features. These provide system administrators control over who can edit what and access which components, modules and plugins.
Current Joomla! Security Controls are Lacking
One of the most significant shortcomings of Joomla 1.5 is the lack of advanced ACL (Access Control List) functionality. Users can be put into different access level categories. Those categories are not flexible enough, though.
There are currently three different front-end access level groups, and four groups for back-end administrators. These groups control what type of actions the group members may take and what functions they may use.
There is no way of restricting specific content to chosen groups of users or single users. This has been a major shortcoming of Joomla and consequently has been a high priority enhancement for some time.
Joomla 1.6 ACL: A Different Ballgame
Happily, Joomla users can rejoice when Joomla 1.6 is released. It represents a huge step forward for the project. The new version will include a greatly improved internal security system. The system will enable administrators to set up groups and assign content and functionality to those groups.
Ease of Use is Vital
There are many ways of creating such a system. There are several reasons the development time has been long (actually, the work on this functionality was started over four years ago). The most important one is that the development team wanted a system which is dead-simple to use. They have spent a lot of time finding a solution which is intuitive and fun to use -- and from what I can see from the preliminary release, they have succeeded doing just that.
As Hannes Papenberg of the development team writes in a blog post on Joomla.org:
As of last night (Oct 2, 2009), we finally have found a solution that provides the maximum of flexibility, is usable by a four year-old and won't have any really measurable impact on the performance.
How does it work?
In Joomla 1.6 you can create new groups and assign users to more than one group. These groups are formed in a tree, which means that if you are a member of the group "Administrator," you automatically inherit access rights from the group "Manager" below you.