|
||
A user can be a member of any number of roles and can be assigned to any number of websites.
There are two important attributes of the user account:
•Is editor - the user can access the CMS Desk interface. This attribute doesn’t grant any particular permissions — it only differentiates between site editors and “registered users” who can only access the live website and its secured areas and thus provides an extra security layer. The user can access CMS Desk for all sites to which they are assigned on the Sites tab
•Is global administrator - the user is authorized to perform all operations and their access cannot be denied by permissions or otherwise limited. Global administrators are the only users who can use the Site Manager interface
|
Global administrators
Global administrators are the only users who can manage site settings and all development tools. Their permissions cannot be denied or limited – they have access to all features and data.
Local administrators cannot modify global administrator accounts. |
Default user accounts
The following default user accounts are available:
•Administrator – user with full permissions.
•Public – user that represents an anonymous visitor of the site.
New user accounts are typically created when a user goes through registration on the live site. However, you can also create accounts manually in Site manager -> Administration -> Users or CMS Desk -> Administration -> Users. Click the New user link and enter the following properties into the displayed form:
•User name - the user's user name (login). By default, it must be unique across all websites in the system.
•Full name - user's full name (first name, middle name and last name).
•E-mail - user's e-mail address.
•Enabled - indicates if the user account is enabled and the user can sign in.
•Is editor - indicates if the user is authorized to sign in to CMS Desk. It's used to differentiate users who are only allowed to visit member areas of the website from content editors who can use the CMS Desk user interface. This provides an extra security layer.
•Password - user's password.
•Confirm password - user's password again for confirmation.
|
User passwords
It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which will be marked with a warning icon ().
You can add a password manually by editing the given users, specifically on the Password tab.
The system can be configured to require users to enter passwords matching specific strength requirements. For more information, please see the Authentication -> Password settings topic. |
You can edit user properties in Site manager -> Administration -> Users -> click the Edit () icon of the chosen the user.
The following properties can be set on the General tab:
•User name - the user's user name (login). By default, it must be unique across all websites in the system.
•Full name - user's full name (first name, middle name and last name).
•First name - user's first name.
•Middle name - user's middle name.
•Last name - user's last name.
•E-mail - user's e-mail address.
•Enabled - indicates if the user account is enabled and the user can sign in.
•Is editor - indicates if the user is authorized to sign in to CMS Desk. It is used to differentiate users who are only allowed to visit member areas of the website from content editors who can use the CMS Desk user interface. This provides an extra security layer.
•Is global administrator - indicates if the user is a global administrator. Global administrators have full permissions for all features and data across the system and are not affected by permission settings for particular modules.
•Is external user - this attribute is used when you are using an integration with an external user database.
•Is domain user - indicates if the user was imported from Active Directory.
•Is hidden - if true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.).
•Disable site manager - this option is available only when editing a global administrator, but not when a global administrator is editing their own account. If enabled, the user will still be designated as a global administrator, but will not be able to access the Site Manager interface, i.e. will only be allowed to perform actions in CMS Desk.
•Preferred content culture - preferred culture in which the content is displayed to the user.
•Preferred user interface culture - preferred culture in which the users wants to see the user interface (CMS Desk and Site Manager).
•Created - date and time when the user account was created.
•Last logon - date and time when the user last logged in.
•Last logon information - information about the IP address and browser agent of the user's last logon.
•Starting alias path - the starting alias path of the content tree in CMS Desk -> Content; if you specify this value, the user is not allowed to browse other sections of the website in the content tree; please note that this feature is only intended for better usability and it doesn't ensure security control - if you need to establish access rights for a given user, grant appropriate document permissions (Properties -> Security) to them
Impersonation
Global administrators can also see the Log in as this user link at the top of this tab. By clicking this link, the administrator gets logged in as the currently edited user and gets redirected depending on the type of user:
•Global administrator - if you log in as some other global administrator, you will stay on the General tab
•Editor - if you log in as some editor (a user with the Is editor option enabled), you will be redirected to CMS Desk
•Standard user - if you log in as a standard user, you will be redirected to the title page of the live site
User impersonation may also be performed by global administrators from anywhere in the administration interface by opening the context menu located on the main header of CMS Desk or Site Manager and selecting Impersonate.
When clicked, a dialog is displayed where the specific user to be impersonated can be selected from a list of all users in the system.
In Site Manager -> Administration -> Event log, any actions carried out while impersonating a user will be logged under the user name in format <user name> (<original user name>) where the original user is the administrator using the impersonate function.
Here you can change the user's password:
•Password - user's password.
•Confirm password - user's password again for confirmation.
You can either enter a new password directly, or have the system generate a new one. The tab also provides the option to send an automatic notification e‑mail to the given user containing the new password.
This tab is hidden if the edited user is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user property enabled on the General tab of the user editing interface or if Is domain user is enabled and the application is configured to use Windows authentication.
On the Settings tab, you can edit the following properties of the user:
•User nick name - nick name of the user used in website forums, on the user's profile, etc.
•User picture - user's avatar image; this image will be used in forums and on user's profile; you can either upload an image or select a pre-defined avatar
•User signature - user's signature that will be used below the user's forum posts
•Description - optional text describing the user
•URL referrer - URL from that the user came to the site when they performed registration
•Campaign - if the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. Please see the Modules -> Web analytics -> Campaigns chapter for details.
•Messaging notification e-mail - notifications about new messages received in the messaging module will be sent to this e-mail address
•Time zone - user's time zone; if set, this time zone will be used where applicable instead of the site time zone
•Badge - user's badge; depends on the number of gained activity points
•User activity points - number of user's activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments
•Live ID - user's Live ID token; this is a hexadecimal number that the user is identified by when logging-in via Windows Live ID
•Facebook user ID - user's Facebook user ID; it is used when the user is logging in via Facebook Connect
•OpenID - user's OpenID; it is used when the user is logging in via OpenID
•LinkedIn ID - user's LinkedIn ID; it is used when the user is logging in via LinkedIn authentication
•Activation date - date of the user's account activation
•Activated by user - user who activated this user's account
•Registration info - user's IP and browser agent detected on registration
•Gender - user's gender
•Date of birth - user's date of birth
•Skype account - user's Skype account
•Instant messenger - user's instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs (e.g. ICQ: 123456789)
•Phone number - user's phone number; the number may be entered in any format, no validation is applied
•Waiting for approval - if checked, the user is waiting for an administrator's approval
•Show splash screen - determines if splash screen should be displayed to the user when accessing Kentico CMS administration interface
•Forum posts - number of user's forum posts
•Forum comments - number of user's forum comments
•Blog comments - number of user's blog comments
•Message board posts - number of user's message board posts
Here you can edit the custom fields added to the user profile. The custom fields can be defined in Site Manager -> Development -> System tables -> User.
Here you can specify the sites into which the user can sign in using their user name and password credentials. To assign the user to a site, simply click the Add sites button, check the appropriate boxes in the displayed dialog and click OK to save the changes.
|
Please note
The sites assigned here only limit access to the CMS Desk interface. Logging in on the live site is possible even for users who are not assigned to the given site.
This is intended to allow the separation of access privileges for content editors responsible for different websites. |
Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Please refer to the Role management topic for further information about roles.
Here you can specify the E-commerce module departments in which the user is authorized to manage products.
On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete () subscriptions in the list, which unsubscribes the user from receiving notifications.
This tab displays a list of the user's custom categories. Each of the categories can be edited () or deleted ().
By clicking the New category link, you can create a new category that will behave the same way as if it was created by the user in CMS Desk -> Edit -> Properties -> Categories.
The following details will be required when creating a new category:
•Display name - name of the category displayed in the user interface
•Code name - name of the category used in website code
On this page, you can manage the currently edited user's friends.
On this tab, you can manage the user's subscriptions to newsletters and notifications about new blog posts and message board messages.
On this tab, you can specify which cultural versions of documents can be edited by the user. You have the following options:
•User can edit all languages - if selected, the currently edited user can edit documents in all language versions of all sites in the system
•User can edit following languages - if selected, you can specify which language versions can be edited by the user by checking the check-boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list
Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Please refer to Memberships to learn more.