Permissions & access
Understand how user groups, hierarchical matching and access inheritance work across EasyLearn.
Overview
EasyLearn uses Joomla user groups to control who can see, enrol in, manage and view statistics for courses. There is no separate user management — everything builds on the groups you already have in Joomla.
The permission system has two types of matching and applies across three entities: courses, categories and instructors.
Matching types
Hierarchical matching
With hierarchical matching, users in a child group automatically inherit access from the parent group. This uses Joomla's built-in nested set structure for user groups.
If a course grants access to the "Company A" group, then users in "Company A → Sales Team" and "Company A → Engineering" automatically have access too, because their groups are children of "Company A".
Direct matching
With direct matching, only users who are exact members of the specified group have access. Child groups do not inherit access.
If a course grants statistics access to the "HR Managers" group, only users directly in "HR Managers" can view statistics — users in child groups like "HR Managers → Recruitment" do not get access.
Course permissions
Each course has three user group fields:
| Field | Matching type | Controls |
|---|---|---|
| Access groups | Hierarchical | Who can see the course in the catalog and enrol in it. Child groups inherit access. |
| Admin groups | Hierarchical | Who can manage the course (edit content, view all data, manage lessons). Child groups inherit admin rights. Admin groups automatically have access and statistics rights as well. |
| View statistics groups | Direct | Who can view statistics and certificates for the course. Only exact group membership — no inheritance. |
Statistics access uses direct matching because viewing student data is sensitive. You want explicit control over who can see progress reports and exam results, rather than having it cascade to all sub-groups automatically.
The Access groups field is also the basis for Auto-Enrollment: only courses a group can actually access can be linked to that group in an enrollment rule. This is what lets membership extensions such as Membership Pro enrol paying members automatically.
Category permissions
Categories have two user group fields:
| Field | Controls |
|---|---|
| Access user groups | Which user groups can see courses in this category. Multi-select. |
| Admin user groups | Which user groups can manage courses in this category. Multi-select. Admin groups automatically have view access. |
Category admin inheritance
Admin access to categories is inherited downward through the category hierarchy:
- If a user has admin access to a parent category, they automatically have admin access to all its subcategories.
- Subcategories can have additional admin groups, but they cannot remove access granted by the parent.
In this example, Safety Managers can manage all three categories. First Aid Team can only manage the "First Aid" subcategory.
Instructor permissions
Instructors have a User groups field that determines visibility in the frontend admin:
- The instructor list in the frontend admin is filtered to show only instructors whose user groups overlap with the user's category admin permissions.
- When creating a course, the instructor dropdown is filtered to match the category's user groups.
Frontend admin access
The frontend admin menu and views are only available to users who have at least one admin role. The system checks these conditions:
| View | Who has access |
|---|---|
| Courses | Users with course admin or category admin access to at least one course. |
| Categories | Users with category admin access to at least one category. |
| Instructors | Users with category admin access (instructor visibility is based on category groups). |
| Statistics | Users with admin access or view statistics access to at least one course. |
| Certificates | Same as statistics. |
| Reset requests | Users linked to an instructor who is assigned to courses, or users with course admin access. |
Joomla super administrators (core.admin) always have full access to everything in EasyLearn — all courses, categories, statistics and admin views.
Admin menu visibility
The frontend admin menu dropdown only appears for users with at least one admin role. The menu items are dynamically filtered:
- Administration group — Courses, Categories, Instructors (only items the user has access to).
- Statistics group — Statistics, Certificates (only if the user has statistics access).
- Support group — Reset Requests (only if the user can handle requests).
The current view is highlighted in the menu.
Excluded groups
Two Joomla user groups are always excluded from permission checks:
- Public (group 1) — Anonymous visitors. Courses cannot be made public.
- Guest (group 9) — Guest users. Courses cannot be assigned to guests.
These groups are filtered out of all user group selection fields to prevent accidental configuration.
Practical example
Here is how you might set up permissions for a multi-department organisation:
Joomla user groups
EasyLearn configuration
| Entity | Access groups | Admin groups |
|---|---|---|
| Category: "Company A Training" | Company A | Company A Admins |
| Category: "Company B Training" | Company B | Company B Admins |
| Course: "Sales Onboarding" | Sales | Company A Admins |
Result
- Sales team members can see and enrol in "Sales Onboarding".
- Engineering members cannot see "Sales Onboarding" (wrong access group), but they can see other courses in "Company A Training" if those courses include their group.
- Company A Admins can manage all courses in "Company A Training" (via category admin) and see all statistics.
- Company B users cannot see anything from Company A.
