DOCman uses Joomla!’s category system. This design decision dates back from the Mambo days (before Joomla! was born — yes, DOCman has been around for a while!) As you may know, categories in Joomla! have very limited access control, just like everything else: you can assign them to the Public, the Registered or the Special group. You can think of a category as just a box, with a label on it. But as you know, a label doesn’t prevent you from opening the box.
Documents on the other hand is where the cool stuff happens. Documents have two sets(1) of permissions: one for viewers, or users who can download the document, and one for maintainers, or users who can edit and update documents. The viewer and maintainer can be set to either
- a Joomla! group (Author, Editor etc…)
- an individual user
- a custom group (a collection of users)
These effectively control access to a document. If the user is not in one of these groups, he can’t access the document.
The important thing to remember is that permissions in DOCman are controlled at the document level, not at the category level. Setting a category to Special or unpublishing it, will hide the category, but will not prevent access to the documents inside the category. You need to set the permissions of the document itself.
Golden rule:
Categories are just boxes.
The documents are the ones that have the locks.
(1) Actually there is a third permission, for the creator, which is the user who uploaded the document. This creator can have viewer or maintainer rights as well, even if he is not in the viewer or maintainer group. You can’t change the creator of a document. By turning on Override View or Override Maintain in Configuration -> Permissions, you can give all creators the rights to their own documents.