Joomla Users, Groups and Permissions Explained
Getting Started · Joomla 4, 5, 6 · Updated June 1, 2026
✅ Verified on Joomla 5.4.6: the Users component and its Groups / Access Levels screens match the live admin.
Joomla has a flexible access-control (ACL) system. Three pieces work together:
- Users — individual accounts.
- User Groups — roles a user belongs to (e.g. Registered, Author, Super Users). Groups can be nested and inherit their parent’s permissions.
- Access Levels — control who can see a piece of content (an article, module, menu item).
Manage users and groups
- Users → Manage — create/edit users and assign them to groups.
- Users → Groups — the role hierarchy. Joomla ships with sensible defaults (Public → Registered → Author → Editor → Publisher; and Manager → Administrator → Super Users).
- Users → Access Levels — define visibility levels (e.g. Public, Registered, Special) and which groups belong to each.
Permissions (what a group can DO)
Permissions are set at three levels, each inheriting from the one above:
- Global — System → Global Configuration → Permissions tab.
- Per-component — e.g. Articles → Options → Permissions.
- Per-item — an individual category or article.
A setting of Inherited takes the parent value; Allowed grants it; Denied always wins and can’t be overridden lower down.
Practical tips
- Give people the least access they need — e.g. content contributors usually only need Author or Editor, never Super User.
- Keep the number of Super Users small (it’s the highest privilege).
- Locked out or a user blocked? See unblock / reset a Super User.