ACL Improvements - Changes Implemented in the TYPO3 Core and Documentation

As the end of February 2024 approaches, we are beginning to finalize our work on ACL Improvements in TYPO3 as part of the Community Budget Idea we proposed for Q1, which was accepted during community voting. Our focus was on two main aspects.

Firstly, we conducted research on best practices for setting permissions in TYPO3. Based on this research, which included analyzing survey results from the community, we have created a draft document that we aim to incorporate into the official TYPO3 documentation. This document will serve as a recommendation for managing ACLs in TYPO3.

The second part of our work involved enhancing the TYPO3 installation process by adding an option to create default backend groups. These groups will come with pre-configured permission presets and will be ready for immediate use following the installation.

Incorporate Best Practices Guidelines Regarding Setting Up ACLs into the TYPO3 Documentation

The documentation improvements we proposed include some sections that already existed but were scattered across multiple pages in the official TYPO3 Documentation. The larger portion, however, was created based on user feedback gathered through our survey.

Following best practices, the document covers:

  • General recommendations regarding the creation of user-specific accounts, security aspects, and organizing file mounts to be easily accessible through backend groups.
  • Guidelines on how to structure, name, and organize backend groups, considering the context of roles and permissions.
  • Sample setups for small projects with a single site, as well as for multi-site instances.
  • Topics related to group inheritance and synchronizing permissions across environments.

We have formatted this as a series of patches for the official TYPO3 Documentation, making it accessible to all users. For those interested in exploring this topic, please refer to the new Permissions Management section in the Getting Started guide. We extend our heartfelt thanks to the documentation team members, Lina Wolf, Sarah McCarthy, Gavin Hicking, and Chris Müller, for their invaluable reviews, feedback, and guidance on content structure and formatting. High five ✋

We remain open to making further revisions as needed. With more developers becoming acquainted with this material, we anticipate it will evolve and improve over time.

Add an Option to Create Default Backend Groups While Installing TYPO3

Setting up permissions for backend users can be time-consuming, especially for those who want to test TYPO3 and explore its functionalities. To simplify this process, we have enhanced the final step of the installation with an additional option to create default backend groups, which can later be assigned to users. All that's required is to select a checkbox labeled "Create default backend user groups". Two default groups, Editor and Advanced Editor, will be created, both equipped with permission presets appropriate for the roles they serve.

Screenshot of completed TYPO3 CMS installation displaying options for creating an empty starting page, pre-configuring backend user groups, and a button to open the TYPO3 backend

In addition to the new GUI option, we have introduced a new command, setup:begroups:default, which creates these groups even after the installation process has concluded. The command supports an interactive and a non-interactive mode and can create either both groups or just one. Usage is straightforward:

# execute command in interactive mode
typo3 setup:begroups:default

Which backend user groups do you want to create? [default: Both]
  [0] Editor
  [1] Advanced Editor
  [2] Both
  [3] None
 > Both

[OK] Backend user group(s) created: Editor, Advanced Editor

# execute command in non-interactive mode
typo3 setup:begroups:default --no-interaction --groups Both
typo3 setup:begroups:default --no-interaction --groups Editor
typo3 setup:begroups:default --no-interaction --groups "Advanced Editor"

[OK] Backend user groups have been created.

# view the help instructions
typo3 setup:begroups:default --help

Advancing ACL Enhancements in TYPO3

We've gathered extensive feedback from users on further improvements in ACL management. To continue our efforts in this area, we've submitted a proposal for the Community Budget Ideas for Q2 of 2024, where we suggest several enhancements to the UI/UX. Let's wait for the voting results to see if we will continue this work in the upcoming weeks and months :)