First, let me just say that I have combed through the forums and read the cACL instructions multiple times to no avail.
I am using Joomla v1.5.20 with the RocketTheme "Mission Control" admin template.
I have a group of users with the "Manager" Joomla permission assigned to them. I created a group & role for these users that only has K2 added to the "List of Allowed Components" with front/backend permission enabled. I do not have any content, menu, or other component permissions enabled for this group/role. The group/role is set to redirect to the K2 component page upon backend login. I set the access type to deny all by default in configuration. I have set cACL to run on the backend only, and have successfully synchronized its functions after configuring it.
After all of that, the backend redirect works but these users still have access to EVERYTHING and the ability to change ANYTHING that default Joomla managers have. These users are not restricted exclusively to the K2 component. They can see all of the default Joomla manager backend navigation items (menus, articles, users, and so on).
What am I doing wrong? I'm not getting any errors. I have followed the instructions to a tee but I have seen no solid example on how to specifically restrict a backend user to have access to only a single component.