Restricting Employee Access to Admins only


I have a custom module which holds readers of a magazine. I want these users to be able to login and edit their OWN data. I have achieved this by creating a user entry for each reader record in the module, and assigning them to a security group, which has a restrictive role applied to it…

I don’t want these users, which really represent readers / records in a custom module, to be able to view Employees, it’s not relevant to them. Is editing the controller.php in the employees module folder the right way to accomplish this, would that be upgrade safe?

Any advice greatly appreciated.

Best Regards


Hi Luke,

Go on my post of about 4 months ago - How to Hide employee information from non-admins

It will show the code changes you need to make on one php file.

5 minutes and you are done.


1 Like

Many thanks for this Jack! I take it this is not upgrade safe thought?

We have done upgrades and not had a problem. Worse case after an upgrade log in as non-admin and check - only a few minutes to paste the updated code


1 Like

To make this upgrade-safe, write the code inside custom/Extension/application/Ext/GlobalLinks/links.php instead (and run a Repair & rebuild)