A previous thread started by T J Hearne
http://modxcms.com/forums/index.php?topic=57620.0 about new user access permissions came to an end with a 13-point plan for creating a new user which seemed to make it perfectly clear how to create a new user with permission to access the manager and do stuff like edit resources. That made me hopeful. Followed the plan to the letter, but I still couldn’t use my new user’s name and password to log into the manager. Found Bob Ray’s long article
http://bobsguides.com/revolution-permissions.html and learned a lot from that and started feeling hopeful again. Picked up the tip about going to System Settings and tweaking Allow_Root to let new users create resources (but they have to be able to log in before they can contemplate creating resources and I hadn’t got that far yet). Tried again. Failure.
Here is the process as I have understood it so far (presented as if I know what the heck is needed and am in a position to give advice to others). Somewhere there is a mistake. Where?
1. A new user must have a role to play, so...
First create the role that the new user will play. Go to Security -> Access Controls, click the tab "Roles" and click the option "Create New". Give the role a name, description and authority number (e.g. Editor, Permission to edit content, 9).
2. A new user must belong to a group, so...
Next to the Roles tab in the Access Controls section is a tab marked "User Groups". Click it and click the option to add a new user group. Give the group a name.
3. The new user in this group will need to have access to the back end of Modx (the manager), so...
While still in the "Access Controls" section with the list of user groups displayed, right-click the name of the new user group and select "Update User Group". This calls up the options to determine what people in this group can actually do. The "Context Access" tab is absolutely crucial. N.B. If the new user group is not explicitly given access to the manager context, users in that group won’t be able to log into the manager admin area. So under "Context Access" click "Add Context" and select "mgr". Do the same for "web".
4. Once the role and the group have been defined you can say who exactly is going to play that role in that group, so create the new user. Click Security -> Manage Users and click the option "Add New User". Under "General Information" you can set the username and password and contact details. Then under "Access Permissions" you can specify the group the user will belong to and the role s/he will play in the group. (Once the group has been added, right-clicking on the name of the group calls up the option to update the details, which includes setting the role to be played in that group.) Click "Save".
5. So the new settings take effect, click Security -> Flush Permissions.
6. Log out then log in with the username and password of the new user to test that things are as they ought to be.
I did all that, opened up a new browser (just in case) and tried to log into the manager with the new user’s details. Result: Access denied ("You do not have the proper access policy permissions to view this page. If you feel this is in error, please contact your systems administrator").
Where did I go wrong?