Kentico CMS provides a flexible security model that allows you to configure granular access permissions for content and modules.
The security model consists of:
• | users (shared among websites) |
• | roles (specific for websites) |
User, role and global permissions can be managed at two levels:
• | In Site Manager -> Administration, where global administrators can edit all data. |
• | In CMS Desk -> Administration, where local administrators can edit only data related to the current website (the current website is recognized by the current domain). |
Relationships between users, roles and permissions
The following figure shows how users are assigned to roles and how users and roles are granted with permissions for documents and modules:
Users can be members of any number of roles. They can be granted with permissions for particular documents in the CMS repository. If you want to grant a user with permissions for some module, you need to make the user a member of some role and grant the permissions to the role (the users cannot be granted with permissions for modules directly).
Roles in Kentico CMS are fully customizable. It means you're not limited to some predefined set of roles. Instead, you can define your own roles with custom sets of permissions.
If the user is member of multiple roles, their permissions for modules are calculated as a sum of all permissions granted to all roles.
If the permissions for documents in the CMS repository are granted to both a user and their roles, document permissions are calculated as a sum of all permissions granted to the user and to all roles. If the user or some of their roles are denied to make some action (such as modify document), then the result is always "denied" for the given permission even if the roles are allowed to perform the action.
Page url: http://devnet.kentico.com/docs/devguide/index.html?security_model.htm