I have the same problem and therefore write my post here instead of creating a new one.
I want to restrict access to my admin pages, so that only those who are logged in as admin can access these pages (userGroupID: 1). I have tried to understand how this works, but it's not working.
I have two different Security Pages on my site. One is in the admin folder, and the other is directly in the root for users (I do not know if this is optimal, or how to do this otherwise).
Table Usergroup. This is what my usergroup table looks like. (fig1.png)
# 1. registration.php (for users): Here I have assigned the value 2 to UserGroupID in the insert record. (fig2.png)
# 2. login.php. Here I have assigned UserGroupID the same session name as UserID. (fig3.png)
# 3. I have created two groups from Access Group Manager. Group 1: Name: admin, Member: admin. Group 2: Name: user, Member: user. (fig4.png, fig5.png)
# 4. I have duplicated "Logged in to users" from Access Rules Manager. I have named this new rule: "Logged in as admin". I have chosen "In group" as Criteria, and "admin" as Compare to. (fig6.png)
# 5. I have opened a page that I want to restrict access to (in admin folder). Then I chose WebAssist -> SecurityAssist -> SecurePage. Then I selected "Logged in as admin" as the rule for "grant access if", and a default page for "if access denied". (fig7.png)
# 6. If I want to change this rule, it says "Not Logged in as admin" as grant access if. Why? This is not true and is confusing. I just assigned it to "Logged in as admin". (fig8.png)
Are these steps correct, or have I missed something?