Separation of users and members

Tom Troughton asked on May 15, 2015 11:25

I'm trying to understand how Kentico separates users who are CMS editors from users who are registered users of the website (I'd call these latter group 'members' but Kentico seems to define membership slightly differently).

As far as I can tell, in Kentico terms these are all simply 'users' and are mainly distinguished by their privilege level being either None or Editor. Am I right about this?

If so this concerns me because the person who manages a site's users will obviously be a different role than the person who manages CMS editors. I wouldn't want someone who manages registered users, for example, to be able to change the roles of a CMS editor. Is there any way to separate these processes?

Correct Answer

Brenden Kehren answered on May 15, 2015 14:01

A user is a user is a user. Security roles define what each user can do. This is common functionality in most any application.

If you're concerned with an someone editing someone with higher privileges, create a custom module for the membership manager and filter out anyone who is in a specific role or has specific property values. Then create the UI piece to give them access to it from the Admin interface. In version 8 this can be done in about 15 minutes without coding anything.

1 votesVote for this answer Unmark Correct answer

Recent Answers


Tom Troughton answered on May 15, 2015 15:25

Well I'd argue that a registered site visitor is a fundamentally different entity than a CMS editor, certainly in terms of who is responsible for their management in a large, corporate environment. But I guess it's a matter of opinion! Certainly other CMS's separate the concepts (e.g. Umbraco).

Thank you for your advice about custom module though. I think that's the answer in my case. Wasn't an answer that had occurred to me.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on May 15, 2015 16:32

Nat, when it comes down to it, a user is a user is a user. It's not an opinion at all. I've never worked with Umbraco but I'd be willing to guess the underlying structure of a registered site visitor/member and an admin type user are the same they are just separated into different tables; most users have these properties no matter what kind of user they are:

  • username
  • first name
  • last name
  • full name
  • email
  • can be assigned to security roles

Pretty simple concept really and adding to is is more specific to what the application does.

0 votesVote for this answer Mark as a Correct answer

Tom Troughton answered on May 15, 2015 18:27

Brenden, I absolutely agree with what you say. Certainly users are users internally. But when you're talking about how and where they are managed I believe they should be considered very differently. My point is simply that the people who manage CMS users are not the same as they people who manage membership of the site for anything but small organisations. And there is potential for misuse if those responsibilities are mixed.

0 votesVote for this answer Mark as a Correct answer

Charles Matvchuk answered on May 15, 2015 19:00

I do understand your point Nat. I created a custom module interface to do the same thing. I have 10,000+ users, and only 2 people manage them. I didn't want those two people able to modify the 8 editors and 2 admins, nor see any of their information, since we also keep some confidential information there as well. Basically we needed to separate the concerns of the interface by business process and job description.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on May 16, 2015 06:24

I too understand your point Nat. Like Charles a large number of users (65,000+) and adding more for multiple secure sections of a single site. As Charles did, I've created a custom module to essentially filter out those users by what they have registered for. No admin accounts are in any of the searches.

To my point, separating them in the database is not really not necessary since you can restrict access by roles or other properties that Kentico has provided on the user.

Happy coding and good luck with the module, should be pretty easy in 8!

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.