When we set up MODX sites for our clients, we always create a few pages that we want the site publishers to never delete nor unpublish. We want these pages to be "edit only" for publishers and we also don't want them duplicating them. For us, this applies to the home page, page not found, search results page, and a special resource that we use for site-wide configurations. Yes, we have had publishers delete the homepage even though we said not to.
Fortunately, we have some ways to protect users from themselves; the MODX permissions system allows us to set up edit-only access to certain resources for a MODX user group. There are three or four main parts to setting this up.
The first is to set up a new resource group which you can assign to your resources. Resource groups allow you to specify a set of permissions to a set of resources. This is how to create a resource group:
The next step is to create an access policy which defines the permissions that you can apply to any resource group for any user group.
You may want your access policy to control permissions that are not controlled by the default MODX access policies. To do that we need to edit the "ResourceTemplate" policy template and add the resource_duplicate permission to the template. The idea of policy templates could be a bit confusing. On their own, policy templates do not grant or deny permissions but the template allows a policy that uses that template to control all of the permissions assigned to the policy template that it uses. If you are familiar with MODX templates and template variables (TVs), this is similar to giving template access for a template to a TV. In this case, the permission for an access policy is like a template variable for a resource.
Finally, we assign the new access policy to a user group. We have an existing publisher group that we want to assign this policy to. If you don't have such a group, see "Create a Publisher User Group in MODX" for how to create such a group.
At this point you are done setting up the new access policy and you can add users to your Publisher group and they will have only limited access to change the resources in the new "Edit Only" resource group. We would recommend testing this out with a test user and test content. We have had to do some experimenting and adjusting permissions to get a set up that works best for us.
If you are looking for more information about the different aspects of permissions in MODX Revolution, see Bob's Guides on Revolution Permissions for an in-depth lesson.