Old Forums
Search:
Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 5.x > Installation and deployment > Disabling access to CMSDesk/CMSSiteManager in production to some users View modes: 
User avatar
Member
Member
g.luparia-wintech - 1/17/2012 9:19:12 AM
   
Disabling access to CMSDesk/CMSSiteManager in production to some users
We set up a staging-production environment with a single Content Staging process from staging to production.
We would like to disable access to CMSDesk and CMSSiteManager in production to every user except from some administrative accounts (access is required to monitor the website and guarantee rapid intervention in case of disaster). We are looking for the cleanest solution to implement this.

How do you usually approach this need?

TIA and best regards,
Giorgio

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 1/18/2012 2:01:00 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello,

The easiest way would be to disable the "Is Editor" setting for each user in CMS Site Manager / Administration / Users. An another approach would be to implement custom code for redirecting the user during logon, for example in the Global.asax.cs (or App_Code/Application/CMSAppBase.cs from version 6.0 and higher) file in the Application_BeginRequest (CMSBeginRequest in 6.0 and higher) method or in the logon form.

Best regards,
Boris Pocatko

User avatar
Member
Member
g.luparia-wintech - 1/18/2012 3:11:15 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello Boris,
Thanks for your answer.
You are suggesting to disable the "Is Editor" check for the users in production, and not in staging? Wouldn't this setting be transferred from staging to production at every "UPDATE USER" content staging task?

Thanks again and best regards,
Giorgio

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 1/18/2012 10:16:50 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello,

I am sorry for the confusion. Yes, you are right about the staging issue in that case. I wrote the answer without thinking of the staging environment.
To bypass this, you can create a new role on the production environment with deny permissions on for all the CMS Desk tabs for example. Now you have only to add all users to that role, which shouldn't have access to CMS Desk. This scenario should work, because the deny permissions are stronger than the allow permissions on the user or any other role.

Best regards,
Boris Pocatko

User avatar
Member
Member
g.luparia-wintech - 1/18/2012 10:21:20 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello Boris,

So, if I'm understanding correctly, I should create this role in production only (so, the downside is that we no longer have perfect replication of staging vs produciton, but that's acceptable) and I should assign users to that role directly in production. These assignments shouldn't be overwritten by user updates from staging to production.

I will try your solution, thanks again!

Giorgio

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 1/19/2012 12:39:16 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello,

Yes, this is the approach I would suggest. Please let me know if it worked.

Best regards,
Boris Pocatko

User avatar
Member
Member
g.luparia-wintech - 1/23/2012 8:43:05 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello Boris,
we tought more about the roles solution but we prefer to avoid having different assignments in staging vs production.

We thought about an alternative solution: having a custom table listing the "enabled in production" users. We will disable the login to everyone else in code-behind and just if the application domain is that of the production environment.

Please tell me if you see any problem in this approach.
Thanks again for your support,
Giorgio

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 1/23/2012 10:21:48 AM
   
RE:Disabling access to CMSDesk/CMSSiteManager in production to some users
Hello,

If you don't like the Roles solution, then this can be an alternative approach. I don't see any issues with this setup.

Best regards,
Boris Pocatko

Top