Kentico CMS 7.0 Developer's Guide

User management

User management

Previous topic Next topic Mail us feedback on this topic!  

User management

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

A user can be a member of any number of roles and can be assigned to any number of websites.


There are two important attributes of every user account:


Is editor - the user can access CMS Desk and the On-site editing interface. The attribute does not grant any particular permissions — it only differentiates between site editors and registered users who are limited to the live website. This provides an extra security layer. Users who are editors can access the editing interface of all sites to which they are assigned on the Sites tab.


Is global administrator - the user is authorized to access all sections of the system and perform any operations, regardless of permissions or other settings. Global administrators are the only users who can use the Site Manager interface.





Global administrators


Global administrators are the only users allowed to manage site settings and all development tools. Their permissions cannot be denied or limited – they have access to all features and data.


Local administrators cannot modify global administrator accounts.


Default user accounts


The following default user accounts are available:


Administrator – global administrator user with full permissions.

Public – user that represents an anonymous visitor of the site.


Creating a new user


New user accounts are typically created when a user goes through registration on the live site. However, you can also create accounts manually in Site manager -> Administration -> Users or CMS Desk -> Administration -> Users. Click AddUser New user and enter the following properties into the displayed form:


User name - the user's user name (login). By default, it must be unique across all websites in the system.

Full name - user's full name (first name, middle name and last name).

E-mail - user's e-mail address.

Enabled - indicates if the user account is enabled and the user can sign in.

Is editor - indicates if the user is allowed to sign in to CMS Desk and access the On-site editing interface. This is used to differentiate between users who are only allowed to visit member areas of the website and content editors.

Password - user's password.

Confirm password - user's password again for confirmation.





User passwords


It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which will be marked with a warning icon (Warning).


You can add a password manually by editing the given users, specifically on the Password tab.


The system can be configured to require users to enter passwords matching specific strength requirements. For more information, please see the Password management -> Password strength policy topic.



Editing user properties


You can edit user properties in Site manager -> Administration -> Users -> click the Edit (Edit) icon of the chosen the user.


General properties


The following properties can be set on the General tab:


User name - the user's user name (login). By default, it must be unique across all websites in the system.

Full name - user's full name (first name, middle name and last name).

First name - user's first name.

Middle name - user's middle name.

Last name - user's last name.

E-mail - user's e-mail address.


Enabled - indicates if the user account is enabled and the user can sign in.

Is editor - indicates if the user is allowed to sign in to CMS Desk and access the On-site editing interface. This is used to differentiate between users who are only allowed to visit member areas of the website and content editors.

Is global administrator - indicates if the user is a global administrator. Global administrators have full permissions for all features and data across the system and are not affected by permission settings for particular modules.

Is external user - this attribute is used when you are using an integration with an external user database.

Is domain user - indicates if the user was imported from Active Directory.

Is hidden - if true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.).

Disable site manager - this option is available only when editing a global administrator, but not when a global administrator is editing their own account. If enabled, the user will still be designated as a global administrator, but will not be able to access the Site Manager interface, i.e. will  only be allowed to perform actions in CMS Desk.


Preferred content culture - preferred culture in which the content is displayed to the user.

Preferred user interface culture - preferred culture in which the users wants to see the user interface (CMS Desk and Site Manager).


Created - date and time when the user account was created.

Last logon - date and time when the user last logged in.

Last logon information - information about the IP address and browser user agent of the user's last logon.


Starting alias path - the starting alias path of the content tree in CMS Desk -> Content; if you specify this value, the user is not allowed to browse other sections of the website in the content tree; please note that this feature is only intended for better usability and it doesn't ensure security control - if you need to establish access rights for a given user, grant appropriate document permissions (Properties -> Security) to them


You can also view the following information and perform related actions:


Invalid logon attempts - number of unsuccessful attempts to log in with a wrong password. You can reset the value to zero and unlock the user's account by clicking the Reset & enable button.

Password expires in - number of days left until the user's password expires. You can reset the validity to the maximum value by clicking Extend validity & enable.


User impersonation


Global administrators have the option of using the HeaderImpersonate Log in as this user button displayed at the top of the General tab. This allows them to sign in as the currently edited user and view the website or CMS Desk interface from their perspective. When this action is performed, the administrator will be redirected depending on the type of the impersonated user:


Editor - if impersonating an editor (a user with the Is editor option enabled), you will be redirected to CMS Desk.

Standard user - if impersonating a standard user, you will be redirected to the title page of the live site.


It is not possible to impersonate other global administrators.


User impersonation may also be performed from anywhere in the administration interface by opening the context menu located on the main header of CMS Desk or Site Manager and selecting HeaderImpersonate Impersonate.




When clicked, a dialog containing a list of all users under the current site is displayed, where you can select which specific user should be impersonated.


Actions carried out while impersonating a user are logged in Site Manager -> Administration -> Event log under a user name in format <user name> (<original user name>), where the original user is the administrator using the impersonate function.


When impersonating an editor in CMS Desk, you can return to the original global administrator at any time by selecting the ImpersonateCancel Cancel impersonation option available in the same context menu.






Here you can change the user's password:


Password - user's password.

Confirm password - user's password again for confirmation.


You can either enter a new password directly, or have the system generate a new one. The tab also provides the option to send an automatic notification e‑mail to the given user containing the new password.


This tab is hidden if the edited user is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user property enabled on the General tab of the user editing interface or if Is domain user is enabled and the application is configured to use Windows authentication.




On the Settings tab, you can edit the following properties of the user:


User nick name - nick name of the user used in website forums, on the user's profile, etc.

User picture - user's avatar image; this image will be used in forums and on user's profile; you can either upload an image or select a pre-defined avatar

User signature - user's signature that will be used below the user's forum posts

Description - optional text describing the user

URL referrer - URL from that the user came to the site when they performed registration

Campaign - if the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. Please see the Modules -> Web analytics -> Campaigns chapter for details.

Messaging notification e-mail - notifications about new messages received in the messaging module will be sent to this e-mail address


Time zone - user's time zone; if set, this time zone will be used where applicable instead of the site time zone

Badge - user's badge; depends on the number of gained activity points


User activity points - number of user's activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments

Live ID - user's Live ID token; this is a hexadecimal number that the user is identified by when logging-in via Windows Live ID

Facebook user ID - user's Facebook user ID; it is used when the user is logging in via Facebook Connect

OpenID - user's OpenID; it is used when the user is logging in via OpenID

LinkedIn ID - user's LinkedIn ID; it is used when the user is logging in via LinkedIn authentication


Activation date - date of the user's account activation

Activated by user - user who activated this user's account

Registration info - user's IP and browser agent detected on registration


Gender - user's gender

Date of birth - user's date of birth


Skype account - user's Skype account

Instant messenger - user's instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs (e.g. ICQ: 123456789)

Phone number - user's phone number; the number may be entered in any format, no validation is applied


Log activities - indicates if on-line marketing activities should be logged for this user

Waiting for approval - if checked, the user account is not active yet and is waiting for an administrator's approval

Show splash screen - determines if splash screen should be displayed to the user when accessing Kentico CMS administration interface

Show web part toolbar - determines whether the web part toolbar should be displayed for the given user when editing documents in CMS Desk on the Content -> Edit -> Design tab. This is only relevant for users who have the Design web site permission

Web part toolbar position - if the web part toolbar is enabled for the user, the choice made here sets its location on the Design tab


Forum posts - number of user's forum posts

Forum comments - number of user's forum comments

Blog comments - number of user's blog comments

Message board posts - number of user's message board posts


Custom Fields


Here you can edit the custom fields added to the user profile. The custom fields can be defined in Site Manager -> Development -> System tables -> User.




Here you can specify the sites into which the user can sign in using their user name and password credentials. To assign the user to a site, simply click the Add sites button, check the appropriate boxes in the displayed dialog and click OK to save the changes.





Please note


The sites assigned here only limit access to the CMS Desk interface. Logging in on the live site is possible even for users who are not assigned to the given site.


This is intended to allow the separation of access privileges for content editors responsible for different websites.




Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Please refer to the Role management topic for further information about roles.




Here you can specify the E-commerce module departments in which the user is authorized to manage products.




On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete (Delete) subscriptions in the list, which unsubscribes the user from receiving notifications.




This tab displays a list of the user's custom categories. Each of the categories can be edited (Edit) or deleted (Delete).


By clicking the New category, you can create a new category that will behave the same way as if it was created by the user in CMS Desk -> Edit -> Properties -> Categories.


The following details will be required when creating a new category:


Display name - name of the category displayed in the user interface

Code name - name of the category used in website code




On this tab, you can manage the currently edited user's friends.




On this tab, you can manage the user's subscriptions to newsletters, blog posts (comment notifications), message boards, forums and reports.




On this tab, you can specify which cultural versions of documents can be edited by the user. You have the following options:


User can edit all languages - if selected, the currently edited user can edit documents in all language versions of all sites in the system

User can edit following languages - if selected, you can specify which language versions can be edited by the user by checking the check-boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list




Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Please refer to Memberships to learn more.