This topic is intended for administrators and developers with administration access rights in Episerver.
By using access rights in Episerver, you can control availability of website content to visitors, as well as what editors can do and where they can do it in the content structure. Only content that visitors have access to is visible; unauthorized content is hidden. You can set access rights for different types of content, such as pages and blocks, and images and documents in asset folders.
Access rights are normally managed from the administration view in Episerver CMS, but you can provide editors with the possibility to manage access rights for a single page in edit view. .
Access rights for views and features
A standard installation of Episerver has a set of built-in user groups and roles used when controlling access to the different views and features in Episerver and related products. Predefined groups and roles can be easily extended based on your organization and website structure.
The membership and role providers available for your website need to be configured to use the built-in groups and roles in Episerver. This is typically done during development when the website is set up.
|Administrators||Used by Windows and is defined when the website is created. An administrator has, by default, access to all parts of the system, and can edit all website content. Often, administrators are developers setting up or maintaining the website.|
|WebAdmins||Provides access to both the admin and edit views, as well as the administration interfaces for add-ons and visitor groups. Membership in WebAdmins does not provide editing access in the content structure by default. In most cases, only a few system administrators or “super users” belong to this group.|
|WebEditors||Provides access to the editing view, and membership here is required to access editing functionality. For editors, membership in a structure group is also needed to be able to edit content. On large websites, editors are often organized in groups according to content structure or languages.|
|Everyone||Used by Windows and provides “anonymous” visitors with read access to website content. All unregistered visitors to a public website are anonymous, meaning that they cannot be identified by the system. Removing access rights for the “Everyone” group, requires login to access content even if it is published.|
Visitor groups are used by the personalization feature, and administration access rights are required to manage visitor groups. If you want an editor to manage visitor groups without providing access to the entire admin view, you can make the editor a member of VisitorGroupAdmins. This group provides access only to the Visitor Groups option in the global menu.
Add-ons are plug-ins for extending Episerver functionality, and administration access rights are required to manage add-ons. If you want a user to be able to manage add-ons without providing access to the entire admin view, make the editor a member of PackagingAdmins. This group provides access only to the Add-ons option in the global menu.
Some add-ons may also have specific user groups defined for accessing the functionality. Refer to the documentation for each add-on to find out more.
If your website has content in multiple languages, you can define access levels for languages so editors can only create content in languages to which they have access. Refer to Configuring website languages for more information.
In addition to adding users to user groups to provide access to features and views, it is recommended to work with structure groups to control access to the content, such as pages, blocks and media folders. Refer to Access rights in the content structure to find out more.
More on access rights
Access rights for Commerce
If you have Episerver Commerce installed on your website, refer to the Commerce access rights section for more information about access rights.
Access rights for Find
If you have added Episerver Find to your website, refer to the Find access rights section for more information about access rights.