I have been trying to set up a small set of users to be able to manage only a couple of specific pages in the CMS. Unsuccessfully so far.
So here I am asking for some help.
What the documentation says, is to just add someone, or a group, to the access rights in the Admin panel. However this does nothing, maybe I'm doing something wrong? But the person does not get the little orange EPi box on the page they're supposed to be able to edit. I have a feeling this is because in the web.config the section for it has the authorization bit where it allows only WebEditors, WebAdmins, Administrators. Roles that this person obviously is not a member of, and shouldn't be.
I've tried adding the new role for limited editing to this section and then the EPi block pops up on the pages for this person. However, now this person is able to edit everything, not limited to the specific access rights I've just set.
So my question is, how do I properly set access rights so that one person or group can edit only one page in the CMS?
I tend to take a 2 step approach to this. First I create a group called something like "EditUIUsers" and add that to the allowed roles under the <authorisation> tag under <location path="EPiServer"> in web.config. This will allow the members of that group to access the CMS Edit UI but not to do anything once they're in there. I then create a group to handle the specific editor permissions (e.g. NewsEditors) and grant them the appropriate permissions on the specific site sections using the "Set access rights" page in the admin section. Finally I create the users that I want to add to my new group and assign them to both the specific group (e.g. NewsEditors) and the EditUIUsers group.
By using this approach, you only need to set up the EditUIUsers group once (and hence deploy the web.config changes only once) but you can create several groups with limited CMS access.
One thing to note is that the permissions are generally inherrited so, if you want to grant permissions for an editor to only edit the home page, you would need assign edit permissions to the home page then remove the edit permissions for that user or group from all of the immediate children of the home page.
Hope that helps,
Thanks! I have it working properly now.
Is there any way to hide the bits of the tree that are locked in the CMS overview?
The pages we want to expose to this small group of users are under a branch that they shouldn't have full access to, so at first glance the entire tree will look locked down.
It's certainly possible but it's not straightforward. You can see what's involved here:
Though be aware that that's an old article so will need some tweaking to make it work.