Soapbox controls access to certain areas and features of a site through use of a basic ACL, or Access Control Level mechanism called Groups. Certain groups have certain access level features and they are directly related to the creation, editing and publishing of content (through the Frontend and Backend interfaces) as well as to access to the Administrative (Backend) interface.
Each group has different levels of access control and once a user is made a member of that group, they inherit those rights.
There are four (4) front-end groups available by default. You may also have custom User Groups created for your site:
Registered - This group allows the user to login to the Frontend interface. Registered users can't contribute content, but this may allow them access to other areas, like a forum or download section if your site has one.
Author - This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content. When content is submitted by an Author level user, they receive the message, “Thanks for your submission. Your submission will now be reviewed before being posted to the site.” They can edit only their own articles but only when that article has been published and is visible.
Editor - This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published. If your site uses the default installation’s menu option “News”, which is a Table List – Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list. Still, Editor users cannot, publish or change the publishing status of any articles, even their own.
Publisher - This group allows a user to post, edit and publish any (not just their own) content item from the Front-end. Publishers can review all articles, edit and change publishing options but the can also determine when an article is ready for publication, making it visible to Registered, Author and the Unregistered Public (depending on what visibility was chosen in the article, of course!)
There are three (3) Administration section groups that allow access to Soapbox:
Manager - This group allows access to content creation and other system information from the Backend. Think of Manager users as Publishers, with Backend access. They can log in through the Administrator interface, but their rights and access are generally restricted to content management. They can create or edit any content, access to some Backend only features like adding, deleting and editing Sections and Categories, editing the Front Page and Menus, but they don’t have any access to the “Mechanics” of Soapbox, like user management or the ability to install components or modules. Note that if a Manager logs in through the Frontend interface, they’re treated just like a Publisher, with the same rights and access.
Administrator - This group allows access to most administration functions. An Administrator user has all the privileges on the back end of a Manager, but they also have access to set options on, and install/delete components, modules and plugins, User Manager access and can view the site statistics. What they cannot do however is change, edit or install Site Templates or make any changes to the sites Global configuration options. On login through the Frontend, they are treated as Publishers, just like the Manger users. Interesting to note; when an Administrator accesses the User Manager list, they will see all users at their access level or below; in other words they can modify any user EXCEPT a Super Administrator.
Super Administrator - This group allows access to all administration functions. Only another Super Administrator can create or edit a Super Administrator user account. This level is reserved for Soapbox staff, and is not granted to users.