Set Access Rights - how best to provide access to a subsite only?

Vote:
 

As you can see from the attached screenshot, I have a subsite called IoT Center, I would like to create a user group that can only make changes and create and publish content in the IoT Center but not on the rest of the website.

iotcenter

I have been playing around with the user groups and the problem is that if I create a group, let's call it "Group IoT" and give this group all the permissions including administration permissions to the IoT Center then these users cannot log into the CMS backend. Only when I give them administration rights to the Root can they log in to the CMS backend but this has the unintended consequence of giving them administration rights to the whole website including content outside of the IoT Center.

Any tips on how best to get around this predicament? 

#263207
Sep 16, 2021 8:55
Vote:
 

In web.config you'll probably have something like this?

...that limits who can log into edit mode.

You probably need a group to give access to edit mode (usually "WebEditors"), and a separate group to give access to "Group IoT" or other parts of the page tree?

Please have a look at the user guide: https://webhelp.optimizely.com/16-4/cms-admin/access-rights.htm

#263209
Edited, Sep 16, 2021 9:24
Vote:
 

Thank you very much for your feedback guys. I have added the user group to the list under "allow roles" in the web.config and ensured that this group can edit the subsite:

Now I can log in to the CMS backend with any user assigned to this group, but I don't seem to have permission to edit any pages in the subsite:

Am I missing an extra step somewhere?

#263395
Edited, Sep 20, 2021 7:12
Vote:
 

Hoping someone can point me in the right direction. I have checked to ensure that there are no errors in the logstream. Is this a misunderstanding of the documentation on my part or an error?

#263459
Sep 21, 2021 9:54
Vote:
 

Thanks to EpiServer Support it turns out that the permissions on the languages were set in admin mode and hence I had to add this new user group to the list for each language that it should be able to edit. Now I am able to create and edit pages with this group. Hope this helps anyone else. 

#263471
Sep 21, 2021 13:04
Vote:
 

Thanks for updating the thread. Usually we use the language to default settings of "Everyone" access, so we don't realize the content translations are driven by these access rights at the language level. 

~ Sujit

#263713
Sep 23, 2021 23:19
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.