Roles vs Privilege Level

Justin Grimm asked on January 12, 2017 00:04

I have a user with a privilege level set to "Administrator". I setup a new custom role. Within Role > UI Personalization > Administration - Module = (All) I went in and checked a few sections I want users with this role associated to have access to. Example, can access Content Management > Media Libraries (with all access beneath). But no other access.

When I login as this user, they still have full access to everything. What am I missing in setting up a user/role with restricted CMS access to certain modules?

Correct Answer

Trevor Fayas answered on January 12, 2017 00:26

If my memory serves me correctly, you may not be able to limit to the level you want a user who is an Administrator. There are certain 'they always have access' levels with Administrators.

https://docs.kentico.com/k10/managing-users/user-management

Global Administrator - The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who can work with global applications.

Administrator - The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks).

Editor - The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab.

The Editor privilege level does not grant any permissions – it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles.

None - The user cannot access the system's administration interface. Ability to view pages and perform actions on the live site depends on the site's security options and the roles assigned to the user.

So as you can see, you will need to go with an Editor and give permission, vs. Administrator.

2 votesVote for this answer Unmark Correct answer

   Please, sign in to be able to submit a new answer.