SaaS CMS has officially launched! Learn more now.

How is access to the Visitor Groups interface managed?

Vote:
 

How is access to Visitor Groups handled?  After upgrading to R2, Visitor Groups does not appear in the right-click menu, and if I try to access it from the overhead menu in Edit/Admin Modes, I get prompted for credentials.

The path for Visitor Groups is:

/admin/CMS/VisitorGroups

I checked all the through the web.config, and the only access path I can see that would apply is the path to /admin.  I have the correct groups in here, and I have access to both Edit and Admin Modes, so I know this works.  Yet, Visitor Groups does not work, either in the link from Edit/Admin Mode or from the right-click menu.

Is there some other access control around Visitor Groups that I'm not aware of?

#56551
Jan 26, 2012 2:13
Vote:
 

Have you configured the virtual roles CmsAdmin and CmsEditors in EPiServerFrameWork.config? They are used for authorization in the mvc part of EPiServer.

#56553
Jan 26, 2012 8:35
Vote:
 

What you mean "configured the virtual roles"?  EPiServerFramework.config looks correct -- I can see the virtual roles in there:

      <add roles="WebAdmins, Administrators" mode="Any" name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer" />
      <add roles="WebEditors" mode="Any" name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer" />

    

What configuration needs to take place apart from them being in the file?

#56561
Jan 26, 2012 15:27
Vote:
 

Are you using WebAdmins and WebEditors as groups for editors and admins? Otherwise you have to add your own roles to each virtual role in the roles attribute.

Now you're mapping WebAdmins and Administrators to the CmsAdmins roles and so on.

Also check if you have configured following paths in web.config correctly:

<episerver.shell>
		<publicModules rootPath="~/modules/" autoDiscovery="Minimal"/>
		<protectedModules rootPath="~/yourUI/">
			<add name="shell"/>
			<add name="cms"/>
		</protectedModules>
	</episerver.shell>

    

#56562
Jan 26, 2012 15:35
Vote:
 

So, just to clarify --

Visitor Groups operates off the CmsEditors and CmsAdmins roles.

And the "EPiServer.Security.MappedRole" converts one role to another.  So this code...

      <add roles="WebAdmins, Administrators" mode="Any" name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer" />
      <add roles="WebEditors" mode="Any" name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer" />

    

...is saying that the "WebAdmins" and "Administrators" roles are both also valid for the "CmsAdmins" role.  And the "WebEditors" role is also valid for the "CmsEditors" role.

Is that correct?

#56565
Jan 26, 2012 16:02
Vote:
 

That's correct regarding "EPiServer.Security.MappedRole". And I hope Visitor Groups is using asp.net mvc and authorization rules, just like other parts of EPiServer Framework like Online Center and My Settings. 

#56566
Jan 26, 2012 16:12
Vote:
 

Turns out groups on this server were a little different -- users weren't in the WebAdmins and WebEditors roles that were mapped to CmsAdmins and CmsEditors.  I changed the config of those MappedRoles, and we're good now.

Thanks Johan -- I appreciate the pointer on how access works for Visitor Groups.  Wouldn't have found it otherwise.

#56692
Feb 02, 2012 18:17
Vote:
 

I'm glad I could help :)

#56693
Feb 02, 2012 18:19
Vote:
 

In order to control visitor group access security list we discovered that you need to add missing virtual role in episerverframework.config file:

 

<add name="VisitorGroupAdmins" roles="{your roles here}" type="EPiServer.Security.MappedRole, EPiServer" mode="Any"/>

    

#60767
Aug 23, 2012 21:44
Vote:
 

Great to find this, and thanks Valdis, your lien of code fixed it for me. But... We had to change the assembly in the setting so it look like this:

<add name="VisitorGroupAdmins" roles="{your roles here}" type="EPiServer.Security.MappedRole, EPiServer.Framework" mode="Any"/>
#115861
Jan 20, 2015 15:08
Vote:
 

That I guess was for v6. Too old answer to match latest version :)

#115865
Jan 20, 2015 15:53
Vote:
 

True Valdis, I saw what section it was on just after I pressed ok on my comment ;-)

#115866
Jan 20, 2015 16:12
Vote:
 

I'm glad everyone has fixed their issues, but I would like to add a little clarification for future reference.

From http://world.episerver.com/documentation/items/developers-guide/episerver-cms/75/personalization/configuring-personalization/

"To access Visitor Groups in the global menu you must be a member of the access groups CmsAdmins or VisitorGroupAdmins, otherwise you will be prompted to a login page. If you want editors to be able to add, edit and delete visitor groups, you can provide access by adding them to VisitorGroupAdmins (CmsAdmins and CmsEditors are already defined in the configuration)."

The idea we had was that by default just admins would have access to the UI, but it could be modified by adding the VisitorGroupAdmins role.

And yes Johan, that is standrad asp.net roles, so you don't have to use the MappedRole configuration to add it. It can be managed like any role in the system.

Regards

Per Gunsarfs

#115867
Jan 20, 2015 16:35
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.