Kentico User and Role Management

Estrada anderson asked on October 8, 2020 07:21

I am running Kentico 11. I have a section of the site that requires user login to read and download some hidden content.

Those users are stored in the Configuration -> Users table. I have a custom Role that these users are assigned to so they can login and view the content & download files. We have an external (CRM) system that is integrated with Kentico. This CRM automates the User account creation & Role assignment based on yearly training records. So the user accounts do not get manually created. CRM manages the creation & deactivation. This is working as intended with 1,000s of users.

Business requirements have changed and now requires two levels of access. Will require a 2nd Role be created. First tier will allow basic access to content. A new 2nd tier (additional Role) will allow access to the file downloads.

The first tier will remain managed by the 3rd party integration from CRM (account & 1st role assigned). The 2nd tier will have to be manually controlled. Someone will have to login to Kentico, Configuration -> Users. Search for the user and add the 2nd Role.

To avoid putting the burden on the programmers I need to allow some of my non-technical team (customer support, product management) to be able to manage the Users.

These non-technical do not have Kentico CMS accounts. I do not want to make them Administrator and give them "keys to everything".

My question is specific to Configuration -> Permissions -- can I give my non-technical team the Read permission to "CMS Basic User" and Manage User Roles "Contractor" (and my custom role 1st ) and expect that they will be able to login to Kentico, navigate to Users and maintain my Contractors.

This is expected to allow them to view my contractors, and add them to a new 2nd role "Contractor Download". Take bob.smith@someemail.com for example. Bob is a contractor, the CRM tool added him to the Users Table with the roles Authenticated, Everyone and Contractor. Bob has completed some training and now needs the Contractor Download role.

Is the appropriate best-practice in Kentico to give my non-technical staff the CMS Basic User role & Contractor Role so they can manage our contractors? Is there a risk to this configuration? Will they be able to manage other roles? I do not want them to be able to edit content management, ecommerce or any other configurations.

Recent Answers

Brenden Kehren answered on October 8, 2020 15:30

What I'd suggest if you have great concern about those "non-users" being able to manage users is create a webpart or page where those special users can manage roles. How you'd do this is:

  • create a special section in the site.
  • make that section of the site require authentication.
  • create a role and give that role permissions to access that section of the site.
  • create a user and set the user's starting path == the special section in the site you gave them permissions to. For example, if your section is /manage-users, you'd set that path value to /manage-users. This only allows them to see that section of the site in the content tree.
  • assign that new user to that role.
  • create a web part that has a user selector control, a dropdown with the 2 roles you're working with and a submit button.
  • allow the admin user to find a user and assign them to the role they choose.

Sounds like a lot of work but it's actually pretty simple process and gets over some of the shortcomings of what Kentico's Admin UI will allow you to do.

1 votesVote for this answer Mark as a Correct answer

Estrada anderson answered on October 10, 2020 13:48 (last edited on October 10, 2020 16:28)

Thanks for info.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.