From Research to Documentation and Coding – The Initiative Lifecycle

Our first step was to conduct the research on best practices for setting permissions in TYPO3. Based on this research, which included analyzing survey results from the community, we have created a draft of a technical document where all the valuable information was written down. For detailed insights into the survey results, see our earlier post: Initial Phase of the ACL Enhancement Initiative. 

Our second step was to enhance the TYPO3 installation process by adding an option to create default backend user groups. Our goal is that these groups will come with pre-configured permission presets and will be ready for immediate use following the installation.

Converting Technical Drafts into Official Documentation

Our draft on best practices for setting and managing permissions in TYPO3 was shared on talk.typo3.org for public discourse, aiming to collect further community feedback to improve its quality and value. 

In adherence to best practices, this document outlined:

• Broad recommendations for establishing user-specific accounts, enhancing security measures, and arranging file mounts for straightforward access via backend groups.
• Strategies for structuring, naming, and organizing backend user groups with a focus on roles and permissions.
• Example configurations for both small, single-site projects and more complex multi-site setups.
• Discussions on managing group inheritance and ensuring permission consistency across different environments.

Unfortunately, beyond a few general comments in Slack, we didn't get any responses or feedback on the draft. We didn’t want our technical documentation to exist in a form that was not easily accessible and could be forgotten easily. So we made the decision to incorporate it into the official TYPO3 documentation, placing it within the Getting Started tutorials.

We have prepared a series of patches for the official TYPO3 Documentation, introducing a new Permissions Management section in the Getting Started guide. This section incorporates the crucial elements from our initial document. We believe it will be a valuable resource, simplifying and standardizing the initial steps of setting permissions for everyone.

A critical aspect of updating the documentation was our close collaboration with the TYPO3 Documentation team, who provided substantial support, suggestions, and feedback. We extend our deepest gratitude to team members Lina Wolf, Sarah McCarthy, Gavin Hicking, and Chris Müller for their invaluable reviews, feedback, and guidance on the content's structure and formatting. High five!

We are open to any necessary further adjustments. As more developers familiarize themselves with this material, we expect its evolution and enhancement over time.

Exploring the New Way for Implementation of Permissions Preset for Backend Users

New Option During Installation

Configuring permissions for backend users can often be a lengthy task, particularly for individuals keen on testing TYPO3 and discovering its features. To streamline this aspect, we've improved the installation's last stage by introducing an option to establish default backend groups. This option allows for the easy assignment of users to these groups later on. Simply ticking a checkbox marked Create default backend user groups will automatically set up two predefined groups: Editor and Advanced Editor, each with preset permissions tailored to their respective roles.