Guidelines for TYPO3 integrators
Role definition
A TYPO3 integrator develops the template for a website, selects, imports, installs and configures extensions and sets up access rights and permissions for editors and other backend users. An integrator usually has "administrator" access to the TYPO3 system, should have a good knowledge of the general architecture of TYPO3 (frontend, backend, extensions, TypoScript, TSconfig, etc.) and should be able to configure a TYPO3 system properly and securely.
Integrators know how to use the Install Tool, the meaning of
configurations in config/
and the basic
structure of files and directories used by TYPO3.
The installation of TYPO3 on a web server or the configuration of the server itself is not part of an integrator's duties but of a system administrator. An integrator does not develop extensions but should have basic programming skills and database knowledge.
The TYPO3 integrator knows how to configure a TYPO3 system, handed over from a system administrator after the installation. An integrator usually consults and trains editors (end-users of the system, e.g. a client) and works closely together with system administrators.
The role of a TYPO3 integrator often overlaps with a system administrator and often one person is in both roles.
General rules
All general rules for a system administrator also apply for a TYPO3 integrator. One of the most important rules is to change the username and password of the "admin" account immediately after a TYPO3 system was handed over from a system administrator to an integrator, if not already done. The same applies to the Install Tool password, see below.
In addition, the following general rules apply for a TYPO3 integrator:
- Ensure backend users only have the permissions they need to do their work, nothing more – and especially no administrator privileges, see explanations below.
- Ensure, the TYPO3 sites they are responsible for, always run a stable and secure TYPO3 Core version and always and only contain secure extensions (integrators update them immediately if a vulnerability has been discovered).
- Stay informed about TYPO3 Core updates. Integrators should know the changes when new TYPO3 major versions are released and should be aware of the impacts and risks of an update.
- Integrators check for extension updates regularly and/or they know how to configure a TYPO3 system to notify them about new extension versions.
Further topics
Please see the chapters below for further security related topics of interest for integrators: