I'm struggling to find a way of restricting access to CMS for employees who need access and edit the web site/pages, add content etc but do not necessarily need access to any user information.
I may be missing something but I can see how to restrict access for groups to pages within the site but no way of restricting CMS permissions and views. Can someone point me in the right direction please.
Thanks in advance,
This page explains how Access Rights work in the CMS: webhelp.episerver.com/latest/cms-admin/access-rights.htm. Are you placing all CMS users into the WebAdmins group?
Right link for Bob's post
Sorry for the delay in coming back. Yes everyone is in webadmins group at present which isnt ideal. All the documents talk of inbuilt groups which are limited there doesnt appear to be a way to give people access to different areas of cms.
You can assign to groups or users various access rights to specific nodes in the page tree. For example, look at this image from the Epi CMS UI: https://ibb.co/eEvTVR.
The Everyone group can only view content in the Marketing node, while Ann has full capabilities. Does this screen address your need to give different people/groups access to different areas of cms?
I'm all about restricting the visibility of user data. So we have a saas application running on another url but users log on to episerver to then access the app. This means we hold email addresses, user names and company details in epi server. Ideally i'd like the team that setup the users and a restricted number of administrators to be the only people able to access this data. The team that setup the users dont need to edit sites or administer episerver in anyway other than setup the user. I cant see anyway to allow them to setup users without them being webadmins?
On a separate note I've tested using the webeditors group so at least our marketing dept etc wouldn't have access to the user details. Even though I've given the group read, create, change, delete and publish permissions to the entire tree I don't appear to be able to edit the pages via cms it just comes up blank. Is this something setup in the config files possibly?
Thanks for your help with this, much appreciated.
Something you could try is to create a location path directly to the view for creating users if that is the only part they should access. And give them direct url like: http://localhost/EPiServer/CMS/Admin/EditUser.aspx
<location path="EPiServer/CMS/admin/edituser.aspx"> <system.web> <authorization> <allow roles="WebAdmins, Administrators, NEWGROUPNAME" /> <deny users="*" /> </authorization> </system.web> </location>
You would also need to make their group be able to access in my case /EPiServer because css/js files are located below:
<location path="EPiServer"> <system.web> .... .... <authorization> <allow roles="WebEditors, WebAdmins, Administrators, NEWGROUPNAME" /> <deny users="*" /> </authorization>
Then give this group only read access to the pages in the site.
Please review the help topic "Access Rights." The link appears above in an earlier thread. It says this about the WebEditors group "Add users to this group who need access to the edit view. Then add the users to other groups to give them specific edit rights to content. On large websites, editors are often organized in groups according to content structure or languages."
Have you followed the instructions following "Then"?