Security model overview

  Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic! Mail us feedback on this topic!  

Kentico CMS provides a flexible security model that allows you to configure granular access permissions for content and modules.

 

The security model consists of:

 

users (shared among web sites)
roles (specific for web sites)
module permissions
document permissions
UI personalization

 

User, role and global permissions can be managed at two levels:

 

In Site Manager -> Administration, where global administrators can edit all data.
In CMS Desk -> Administration, where local administrators can edit only data related to the current web site (the current web site is recognized by the current domain).

 

Relationships between users, roles and permissions

 

The following figure shows how users are assigned to roles and how users and roles are granted with permissions for documents and modules:

 

devguide_clip0745

 

Users can be members of any number of roles. They can be granted with permissions for particular documents in the CMS repository. If you want to grant a user with permissions for some module, you need to make the user a member of some role and grant the permissions to the role (the users cannot be granted with permissions for modules directly).

 

Roles in Kentico CMS are fully customizable. It means you're not limited to some predefined set of roles. Instead, you can define your own roles with custom sets of permissions.

 

If the user is member of multiple roles, her permissions for modules are calculated as a sum of all permissions granted to all roles.

 

If the permissions for documents in the CMS repository are granted to both user and her roles, the document permissions are calculated as a sum of all permissions granted to the user and to all roles. If the user or some of her roles is denied to make some action (such as modify document), then the result is always "denied" for the given permission even if the remaining roles are allowed to make the action.

 

Page url: http://devnet.kentico.com/docs/devguide/index.html?security_model.htm