How can I give an editor permission to access Sites tab in Users module?

Tom Troughton asked on September 6, 2016 13:35

I have an editor role I'd like to give access to edit users. I've created a role, set Allow permissions for the Users module for all permissions, then in UI Personalization I've checked the following items under CMS / Administration / Configuration / Users / Users (and also the equivalent in Users (Global):

  • General
  • Password
  • Sites
  • Roles
  • Languages

However, when I sign in as a user with this role, I can access Users module, edit a user and see all tabs except for Sites. Can anyone let me know what else I need to do to enable the Sites tab when editing a user?

I really don't want to make this user an administrator because that will give them far more permissions than they should have.

Correct Answer

Jan Hermann answered on September 6, 2016 13:51

You don't. Site tab is present just in Users (global) application that is available only for global administrators to be able to edit users across all of your sites - that's why it's global. Administrators and Editors can manage only that site specific users.

1 votesVote for this answer Unmark Correct answer

Recent Answers

Tom Troughton answered on September 6, 2016 16:35

So, to confirm, it's not possible to create a role which just has the responsibility of creating users and assigning them to sites?

This is something I don't understand about Kentico. It forces us to give clients global admin permissions to perform simple, granular tasks like this. It means someone in, for example, a client's IT department with responsibility for managing users, has to also be given the power to change templates, delete web parts, delete entire sites etc. To me this is extremely dangerous. Other CMS's allow us to define granular administrator roles with very specific permissions. Does Kentico have any plans to do this? It makes it very difficult when dealing with enterprise clients who wish to separate CMS roles throughout the business.

1 votesVote for this answer Mark as a Correct answer

Jan Hermann answered on September 6, 2016 18:39

Yes, we are planning to provide full support of permissions and it will be up to you whom you grant them to (even global applications).

Now, you don't have to make that IT guy a global admin - you need to provide him/her with an access to all of your sites. It's not ideal, but then if they need to create a user for site A they need to login to site A and the user will be assigned to site A. That's a purpose of global admin to have access to all sites - otherwise you have permissions just for that one site you edit.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.