TYPO3v10 introduces improved user group management. It makes TYPO3 more secure and helps you detect and prevent misconfigurations. In this article, we’ll look at this improvement and how you can make the most of it. It’s one of the 13 things we love about TYPO3 v10.
Backend user group management can get really confusing
You might know the situation: your client asks you to quickly create a new backend user for them since there is a new editor in their company. Your first thought will probably be “Sure, no problem.”
You enter the backend user module in TYPO3 thinking you’ll do that really quickly, only to get overwhelmed by 31423976 different backend user groups that seem to be the same but slightly different. (Alright, alright, that might be a LITTLE overexaggerated—but you get where I’m coming from ;-).)
You probably can’t find anyone who knows why there are so many, why they are almost the same, and what they’re all meant for.
If you don’t know the problem—you’re lucky and you can stop reading right now. ;-)
For those of you who do know the problem and are facing messed-up backend user group configurations: You will love this new feature TYPO3 v10 offers. It will save you time by giving you more clarity surrounding user group permissions, help identify misconfigurations, and tighten security by giving people the right permissions.
Admins have been able to compare backend users for a long time now, so you probably know that feature.
TYPO3 v10 now gives you the chance to compare backend user groups as well. Hooray, right?!
How do I compare backend user groups?
Just like the compare feature for backend users you can add backend user groups to the compare list by clicking “Compare” within the backend user group view.
A comparison of the three backend user groups looks like this:
Why should I compare backend user groups, anyway?
First, if you take over a project from someone else, it might be helpful to take a look at how the backend user groups are configured in order to understand the system and to be able to manage it well. Because if you know how it works, creating a new backend user IS a quick task indeed. The compare feature will help you to get a quick overview of the existing backend user groups.
Second, if your project is live, you will probably not be able to delete all the existing backend user groups and just configure new ones. No matter how messed up they are and how necessary it feels —there are editors working in the backend every day, so they will need “their” backend user groups.
You can use the compare feature to understand how the user groups work at the moment and to plan how to clean them up (if you want to know more about how to create well-designed backend user groups, you’ll find more on that here).
With this feature you will quickly see which user group should inherit the configuration of another user group, rather than having two (or more!) almost similar user groups.
One example of that scenario could be the DB mountpoints added to the user groups. In this case I added the DB mountpoint “Congratulations” to every single user group. Since there is an inheritance logic implemented already, the mountpoints are shown up to three times—which doesn’t make sense. Have the two user groups inherit the DB mountpoint from the basic user group instead.
When configured correctly, a comparison of the three user groups would look like this:
You will see if user groups inherit configurations that don’t make sense and won’t work correctly (e.g. if there is a circular configuration within backend user groups as illustrated in the diagram).
When comparing such user groups, the misconfiguration would look like this:
You want to know why one editor can do something the other one can’t? Compare their user groups to check out the differences between them—it makes understanding the configuration so much easier!
So, why is this feature worth upgrading for?
- It saves you time when trying to understand the configuration of your backend user groups.
- It helps you detect misconfigurations within your backend user groups.
- It helps you setup a well-designed system for your editors—and that helps your client by preventing security mishaps.
If you want to benefit from this and the many other features new in TYPO3 v10, you’ll need to upgrade. We can help with that!
Get in touch for our 2nd Opinion service or a quote for upgrading your TYPO3 site