Manage content access rights should use SecurityEntityProvider service

Fixed in

EPiServer.CMS.UI 12.3.0

Created

Oct 26, 2021

Updated

Aug 19, 2022

Area

CMS UI

State

Closed, Acceptance tests pass


Description

The manage access rights component in edit mode now has its own REST store that uses SecurityEntityProvider service (just like admin view) to return users from both ASP.NET Identity and Opti ID sources. Opti ID is only for business users (such as editors and admins), while ASP.NET Identity is for end users.  

IQueryableNotificationUsers returns business users only from Opti ID, and you should use it when setting up content approval flows, not access rights. End users (and roles) should have access to protected content but only business users should receive notifications.