Start by making one usergroup, then link users to it and start giving access-rights.

You are adviced to work with 2 different browsers: one in which you are logged in as a super-administrator so you can play with the configuration and set rights, the other browser you log in as your unsuspicious admin-user. 

Make a new usergroup:

1. Go to tab 'usergroups'.
2. Click on 'new'.
3. Enter the groups' name.
4. Click 'Save'.

Link users to the new usergroup:

1. Go to tab 'users'.
2. Select for one or more user(s) in column 'usergroup' the new usergroup.
3. Click 'Save'.

Start giving access-rights:

1. Go to each of the other tabs and tick boxes and click 'Save'.
2. See how easy that is?

Now you made one usergroup with al sorts of access-rights. You can make as many groups as you need, each with their own set of access-rights.

1. Log in as a 'super-administrator'.
2. Go to 'Components > Admin User Access'.
3. Click on 'configuration'.
4. All options are explained with tooltips, so hover over the options for more info.
5. Note: If you want Pages-and-Items to work with Admin-User-Access you have to tick the box 'use Admin-User-Access-component' in the Pages-and-Items configuration. Pages-and-Items is not necessary for Admin-User-Access. It is just a nice free content-manager which gives Admin-User-Accesss more control over the workflow related to publishing content.

• Admin-User-Access restrictions are set per usergroup. So all back-end users except for 'super-administrators' must be linked to a usergroup.
• Back-end users not linked to any usergroup, have no rights at all, as default all restrictions are active.
• Super-administrators have no restrictions.

Assign users (user types 'manager' and 'administrator') to usergroups.

You can set usergroup access for article-access based on categories associated by pages in the menu-structure. This makes it easy to find the categories you are trying to block for editting. In the configuration you set which menu's to show here (Main Menu, Top Menu etc.).

You can set usergroup access to edit articles by Pages-and-Items itemtypes.

You can set usergroup access to edit articles. This works for com_content in the Joomla frontend and backend, as well as in Pages-and-Items.

You can set usergroup access to articles associated to sections. These restrictions will work at the Joomla front-end and backend (com_content), and in Pages-and-Items.

You can set workflow settings for each usergroup for many actions. There are settings for Pages-and-Items and for the Joomla front-end (com_content).

You can set usergroup access for each component in the admin.

If you enable the Admin-User-Access-toolbar, each component-access-right will show up as a button in the toolbar. So you can make custom toolbars for each usergroup. You can choose to hide the Joomla-toolbar, so all components which are restricted for users are not accessible. The actual (deep)-links on the toolbar can be configured, as well as the order in which they appear.

You can hide the Admin-User-Access toolbar and/or Joomla toolbar per usergroup.

The buttons reflect each usergroups component-access. The buttons' (deep)-links can be configured as well as the order in which they appear.