Allow user to view Reports and NOT be able to edit the site

Vote:
 

I have a request from our client to allow one of their employees access to run/view Reports (tab under the CMS view), but not edit the site. Is this possible?

#155540
Sep 20, 2016 18:33
Vote:
 

Hi Nathan.

Yes, that is indeed possible.

Often, according to my experience on client projects, Content Editors are the user with the least privilidges in the Episerver interface. In your case, that would though no longer be the case. In order to achieve this, you should:

1. Create a new role solely for access to the Episerver interface without any editing privilidges. (e.g. "WebUser").

2. Ensure users, in your "WebUsers" role, has access to your Episerver interface. It's configured, via Web.config, as part of the <authorization/> element beneath <location path="/Your-Episerver-Path/">.

3. Ensure users, in your "WebUsers" role, are not allowed to "Change", "Publish", "Create" and "Delete" for the "Root" section in "Set Access Rights".

4. Ensure all your users atleast are member of "WebUsers"

Hope this gave you enough detail.

Casper Aagaard Rasmussen

#155542
Sep 20, 2016 21:46
Vote:
 

Thank you for your answer! I got it working

#155543
Sep 21, 2016 0:27
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.