Try our conversational search powered by Generative AI!

implement a role of searchEditors of episerver CMS


Hi Optimisely Team,

I have a problem statement that I want to implement a role of searchEditors of episerver CMS, such that I want to provide access to FIND to the users which has a role of searchEditors but should not be able to clear Indexes. I have added virtual roles in web.config file like this

<virtualRoles addClaims="true">
        <add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
        <add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
        <add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
        <add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
        <add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
        <add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
        <add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
        <add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
        <add name="WebReader" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
        <add name="SearchEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebSearchEditors" mode="Any" />


<location path="EPiServer/Find/#configure">
            <allow roles="WebAdmins, Administrators" />

Now for path in location, I have allowed access to following path to only these roles WebAdmins, Administrators, but in authenticationInitialisation file where I have added claims and roles, I have assigned roles of SearchEditors, so I should have been restricted access to this path "EPiServer/Find/#configure" and Configure Tab should be hidden.

AuthenticationInitialisation.cs file

authClaimsIdentity.AddClaim(new Claim(JwtClaimTypes.Role, EpiRoles.WebSearchEditors));


public static class EpiRoles
    /// <summary>
    /// Can access find with limited access.
    /// </summary>
    public const string WebSearchEditors = "WebSearchEditors";


Can you please suggest, why the required functionality is not getting implemented.

Dec 07, 2023 11:37
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.