Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!

AI OnAI Off

WebAdmins can see, edit and create Visitor groups but they can't delete them?

Tim Schmelter
Tim Schmelter
Vote:
 

Hello, 

our customer failed to delete his Visitor group. When he tried it a login popup apppeared. I can delete them without problem(in Admin group).

He said that he probably never tried it before, so maybe it was always so, is this by design? What i had to do if i wanted to support deleting visitor groups for WebAdmins?

These are the configured role providers:

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
	<providers>
		<clear />
		<add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer.Framework.AspNet" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WindowsMembershipProvider" />
		<add name="WindowsRoleProvider" applicationName="/" type="EPiServer.Security.WindowsRoleProvider, EPiServer.Cms.AspNet" />
		<add name="SqlServerRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="******" applicationName="/" />
	</providers>
</roleManager>

These are the virtual roles:

<virtualRoles addClaims="true">
	<providers>
		<add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
		<add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
		<add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
		<add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
		<add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
		<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
		<add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
		<add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
	</providers>
</virtualRoles>

Someone can shed some light on it on how it works and what i have to change to support deleting Visitor groups for WebAdmins?

#252604
Edited, Apr 07, 2021 8:57
Johan Petersson
Johan Petersson
Vote:
 

Hi, there is a virtual role called VisitorGroupAdmins you can configure. I believe you need to be a member of this role to able to delete Visitor Groups. You are probably member of this role since it's mapped agains CmsAdmins by default.

#252706
Edited, Apr 08, 2021 10:17
Tim Schmelter - Apr 08, 2021 11:01
Thanks. But you see in my configuration above that WebAdmins are already part of CmsAdmins which you say that VisitorGroupAdmins is mapped against. Or did i misunderstand it?
Johan Petersson
Johan Petersson
Vote:
 

Ok, you can't post code in comments.

I'm not sure on that part. But you can easily test this by just adding the role:

<add name="VisitorGroupAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins" mode="Any" />
#252710
Apr 08, 2021 11:05
Tim Schmelter - Apr 19, 2021 15:08
I've tried that but unfortuanately it didn't work. You see still the login dialog if you try to delete a visitor-group. I have just added that provider in the web.config as you have shown.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.