This topic is intended for administrators and developers with administration access rights in Episerver.
Access rights control availability of website content to visitors, and what editors can do and where they can do it in the content structure. Content is visible to visitors that have access rights and invisible to unauthorized users. You can set access rights for types of content such as pages and blocks, and images and documents in asset folders.
You manage access rights from the administration view in Episerver CMS, but you also can let editors manage access rights for a single page in edit view.
Access rights for views and features
A standard installation of Episerver has a set of built-in user groups and roles for controlling access to the various views and features in Episerver and related products. You can extend predefined groups and roles based on your organization and website structure.
When your website is set up during development, configure the membership and role providers available for your website to use the built-in groups and roles in Episerver.
|Administrators||Used by Windows and is defined when the website is created. An administrator has, by default, access to all parts of the system, and can edit all website content. Often, administrators are developers setting up or maintaining the website.|
|WebAdmins||Provides access to both the admin and edit views, and the administration interfaces for add-ons and visitor groups. Membership in WebAdmins does not provide editing access in the content structure by default. In most cases, only a few system administrators or “super users” belong to this group.|
|WebEditors||Provides access to the editing view, and membership is required to access editing functionality. Editors also need membership in a structure group to edit content. On large websites, editors are often organized in groups according to content structure or languages.|
|Everyone||Used by Windows and provides “anonymous” visitors with read access to website content. All unregistered visitors to a public website are anonymous, meaning that they cannot be identified by the system. Removing access rights for the “Everyone” group, requires login to access content even if it is published.|
Visitor groups are used by the personalization feature, and you need administration access rights to manage visitor groups. If you want an editor to manage visitor groups without providing access to the entire admin view, you can make the editor a member of VisitorGroupAdmins. This group provides access only to the Visitor Groups option in the global menu.
Add-ons are plug-ins for extending Episerver functionality, and you need administration access rights to manage add-ons. If you want a user to be able to manage add-ons without providing access to the entire admin view, make the editor a member of PackagingAdmins. This group provides access only to the Add-ons option in the global menu.
Some add-ons also may have specific user groups defined for accessing the functionality. See the documentation for each add-on to find out more.
If your website has content in multiple languages, you can define access levels for languages so editors can create content in languages only to which they have access. See Configuring website languages.
In addition to adding users to user groups to provide access to features and views, you should work with structure groups to control access to the content, such as pages, blocks and media folders. See Access rights in the content structure to find out more.
More on access rights
Access rights for Commerce
If you have Episerver Commerce installed on your website, see the Commerce access rights section for information about access rights.
Access rights for Find
If you have added Episerver Find to your website, see the Find access rights section for information about access rights.