Story #55920

Epic #55813: Access Control Lists


Added by Rens Admiraal over 8 years ago. Updated about 8 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


Estimated time:


It's currently not possible to restrict access on the Neos node tree.

In TYPO3 CMS there are two ways to control access over pages and content:

With the so called "DB Mounts" it's possible to grant users/groups general access to a page (and all its subpages):

Furthermore it's possible to fine-tune permissions via the "Access module":

+ Great control over permission levels
+ Nice AJAX interface
- Hard to get it right from the beginning (mostly due to the "distance" between DB Mounts and ACL settings)

(to be continued)


ACL_DB_Mounts.png (17.7 KB) ACL_DB_Mounts.png Rens Admiraal, 2014-02-12 12:10
ACL_Page_Permissions.png (37.4 KB) ACL_Page_Permissions.png Rens Admiraal, 2014-02-12 12:10

Related issues

Related to Base Distribution - Work Package #45584: Access Control for TYPO3CR Nodes (Concept)New2013-02-18


Updated by Rens Admiraal over 8 years ago

In CMS backend the database mountpoints limit the visible content. In Neos we only have that concept in the tree, but by browsing the site all other content could still be opened. This means the 'mount points' should also restrict modify permissions outside that part of the tree.

To have flexibel control over the permissions we need to be able to add multiple roles to a resource / part of the node tree. That's a BIG downside of the current implementation in CMS (which can be fixed by using be acls which comes with the price of performance penalties). As fine grained acls could be a bad performing thing: maybe we should by default only allow simple permissions (1 group for a tree) and only enable the more advanced (and heavier) features if configured by the integrator.


Updated by Rens Admiraal over 8 years ago

  • Tracker changed from Task to Story

Updated by Bastian Waidelich about 8 years ago

  • Status changed from New to Closed

Also available in: Atom PDF