Visual Permissions – see and edit backend group permissions right where they apply

By @wazum

What is your idea about?

TYPO3’s backend permission system is powerful but notoriously opaque. Access rights for backend groups (allowed fields, tables, content element types, page types, languages) are configured in huge abstract multi-select lists inside the be_groups record — completely disconnected from where those permissions actually take effect. Admins and integrators cannot easily answer the simple question: “What can this group actually see and edit on this form?” The result is trial-and-error configuration, over-permissioning (a real security problem), and permissions that nobody dares to touch once they “work”.

Visual Permissions solves this in-context: an admin picks a backend group from a toolbar item and activates a visual mode. Every record form then shows per-field overlays — allowed, denied, or inherited through the subgroup chain. Clicking a field queues a grant/revoke change; all queued changes are reviewed and applied as one batch, protected by TYPO3’s sudo mode. Table-level access (including subgroup inheritance, mirroring TYPO3’s login-time merge) is visualized the same way.

What must be achieve by 30th of November 2026?

  1. Stable 1.0 release, publicly available on GitHub, Packagist, and TER
  2. Complete the permission domains: in addition to the existing field and table permissions, add visual inspection and editing of content element types (explicit_allowdeny), page types, and allowed languages.
  3. Visualize the inheritance chain: show which subgroup a permission is inherited from, not just that it is inherited.
  4. Compatibility with TYPO3 14 and 13
  5. Extended automated test coverage (PHPUnit unit + functional, Playwright E2E) maintained in public CI as a quality baseline and as a reference for testing modern backend extensions.

What is the potential impact of your idea for the overall goal?

  • Security: over-permissioning happens because correct configuration is hard to verify. Making permissions visible and verifiable in context leads to least-privilege setups and more trustworthy TYPO3 installations.
  • Lower entry barrier: the permission system is one of the steepest learning curves for new integrators and admins. Visual Permissions turns it from a feared expert topic into something discoverable — making TYPO3 more welcoming and beginner-friendly.
  • Efficiency for agencies: permission tickets (““editor X suddenly can’t edit field Y””) are a constant support cost. In-context inspection reduces diagnosis from guesswork to seconds.
  • It turns one of TYPO3’s genuine differentiators — its uniquely granular permission system — from a pain point into a selling point.

How does your Idea align with the TYPO3 Association Strategy

The idea directly supports the strategic goal “Strengthening the Innovation Process and Product Ownership”, specifically its aim to make TYPO3 “more welcoming and beginner-friendly”: it removes one of the best-known usability barriers in the backend without requiring core changes. By making fine-grained access control verifiable, it also strengthens the trust and security story that underpins “Enabling Informed Decisions” — TYPO3’s positioning around digital sovereignty and enterprise-grade open source. The project is a focused product contribution, not a side quest: it improves the daily experience of the existing core feature set.

Budget for this idea?
7.500 Euro

My Name
Wolfgang Klinger

2 Likes

Don’t we already have 2 approaches to the permissions-topic already from earlier budget rounds?

What I’d like to see is a combined approach with deployable permissions.