JoomInvoice uses Joomla's built-in Access Control List (ACL) system. You can control which user groups can access, create, edit, and delete invoicing data.
Setting Permissions
- Go to Components > JoomInvoice > Settings > Configuration.
- Click the Permissions tab.
- Select a user group (e.g., Manager, Author, Registered).
- Set each permission to Allowed, Denied, or Inherited.
- Click Save.
Permissions follow Joomla's standard inheritance: child groups inherit permissions from their parent group unless explicitly overridden.
Available Permissions
| Permission | What It Controls |
|---|---|
| Configure ACL & Options | Full administrative access. Users with this permission can change component settings and manage permissions for other groups. |
| Access Component Options | Can open the Configuration page to view and change settings. |
| Access Administration Interface | Can access JoomInvoice in the admin panel. Without this, the user cannot see JoomInvoice at all. |
| Create | Can create new invoices, quotes, contacts, and other records. |
| Delete | Can delete records. |
| Edit | Can edit any record, regardless of who created it. |
| Edit State | Can publish/unpublish invoices and change invoice statuses. |
| Edit Own | Can edit records they created themselves, even without the full Edit permission. |
Common Permission Scenarios
Accountant / Billing Staff
Give them access to manage invoices without being able to change settings:
- Access Administration Interface - Allowed
- Create - Allowed
- Edit - Allowed
- Edit State - Allowed
- Delete - Denied (or Allowed, depending on your preference)
- Configure ACL & Options - Denied
View-Only Access
Allow a user to see invoices but not change anything:
- Access Administration Interface - Allowed
- Create - Denied
- Edit - Denied
- Delete - Denied
- Edit State - Denied
Sales Team (Own Records Only)
Let sales people create and manage their own invoices:
- Access Administration Interface - Allowed
- Create - Allowed
- Edit Own - Allowed
- Edit - Denied
- Delete - Denied
With this setup, each user can only edit invoices they created themselves.
How Permissions Work in Practice
Admin Panel Access
A user needs the Access Administration Interface permission to see JoomInvoice in the Joomla admin menu. Without it, the component is completely hidden from them.
Creating Records
The Create permission is checked when a user tries to create a new invoice, quote, contact, or other record. If denied, the "New" button does not appear.
Editing Records
JoomInvoice checks permissions in this order:
- Does the user have the Edit permission? If yes, they can edit any record.
- If not, does the user have the Edit Own permission? If yes, they can edit records they created themselves.
- If neither, editing is denied.
Deleting Records
The Delete permission controls whether a user can delete records. If denied, the "Delete" button does not appear.
Publishing and Status Changes
The Edit State permission controls whether a user can:
- Publish or unpublish invoices.
- Change an invoice's status (e.g., from Pending to Paid).
Frontend Access
Frontend access (the client portal) is not controlled by Joomla ACL permissions. Instead, it uses two separate mechanisms:
Logged-In Users
Clients who have a Joomla account and are linked to a JoomInvoice contact can log in and see their invoices. They only see invoices assigned to their linked contact.
Guest Access (Auth Codes)
Clients without a Joomla account can access their invoices through secure links that contain an authentication code. This is configured in Configuration > Auth code in payment links. See Client Portal for details.
Guest access bypasses Joomla's ACL system entirely - anyone with a valid link can view that specific invoice and make payments on it.