Example setup ACL

Joomla Usergroups and Virtuemart Shoppergroup

Joomla usergroups and VirtueMart shoppergroups are not related.

Joomla usergroups define the Access Control Levels - ACL (The actions and views allowed).

VirtueMart shoppergroups are assigned to customers of your store. They can control the products customer see, the prices they pay, shipping options available etc.

Access Control Levels are controlled by Joomla usergroups not Virtuemart shoppergroups.

VirtueMart registered shoppers are assigned to the a default Joomla usergroup "Registered".

Setup the ACL

Which Joomla usergroups

For many store owners, existing Joomla usergroups will be suitable for basic access control.

Every Joomla installation has a usergroup Manager with a subgroup of Administrator

You might decide that the usergroup Manager would have a wider level of access to VirtueMart functions than the Administrator

If you require something different you can create your own Joomla usergroup(s) (e.g. example "Store manager" or "Vendor".)

Setup VirtueMart access for a usergroup

To access the ACL permissions for VirtueMart - Go to a backend VirtueMart view (e.g. the configuration view) and select the "permissions" option.

This will take you to the ACL permissions control for the VirtueMart functions.

Note - this screen shows all VirtueMart functions and makes it easier to configure the permissions in one screen.

Select the usergroup you want to review (and/or adjust) on the left of the page. You will be shown the permissions for that usergroup and can adjust them accordingly.

Usergroup permission inheritance

Joomla allows subordinate usergroups to inherit the controls of the usergroups that are above them in the hierarchy

This is often very useful - you will almost certainly want to override the permissions for subordinate groups.

The Administrator usergroup initally inherits the access permissions of the Manager group

  • Manager
    • => Administrator (Access levels inherited from the Manager - can be overriden)

Setup the permissions for the Manager first.

Then choose the Administrator (all of the access permissions from the Manager are set to "inherited".)
Adjust the Manager permissions as you require (you will most likely want to remove some of the permissions.)

If you do not like this inheritance - setup new top level Joomla usergroups for each type of user in your business. e.g.

  • Store Owner
  • Store Admin

Assign a Joomla user to a usergroup

When you create or modify a Joomla user - you can assign the usergroups that they "belong" to. A user can belong to more than one Joomla usergroup. (This allows for some really creative VirtueMart access control settings.)

Assign the user to the Registered usergroup as well as the VirtueMart ACL usergroups. DO NOT allow any VirtueMart access permissions for the "Registered" usergroup! This could give VirtueMart admin access to customers..

Frontend and backend access to VirtueMart functions for a Joomla usergroup

If you want to allow your Joomla users to manage the store through the Joomla frontend and or backend, you can adjust the VirtueMart permissions as follows.

Allow Frontend Management, but not Backend:

- "Access Administration Interface" => Not Allowed (Denied)
- "VM Manager" => Allowed

Allow Backend Management, but not Frontend:

- "Access Administration Interface" => Allowed
- "VM Manager" => Not Allowed (Denied)

Allow Backend and Frontend Management:

- "Access Administration Interface" => Allowed
- "VM Manager" => Allowed

You can then adjust each VirtueMart function's permission to meet your needs:-

Allow viewing of Orders but no edit or update of status

- "Order access" => Allowed
- "Orders edit" => Not Allowed (Denied)
- "Order status change" => Not Allowed (Denied)

Allow editing and update of Orders

- "Order access" => Allowed
- "Orders edit" => Allowed
- "Order status change" => Allowed