Every now and then we are given the challenge to create custom roles specific to clients needs. In this post I would like to share with you how I typically handle the role creation and configuration of the permissions.
First of all let's start with creating a new role.
For more details on role management check out the Kentico documentation
Next up assign a user to the role.
Assuming the user has editorial access we can now use his or hers account to login and experience what he or she can actually access in the administration section.
Tip: you can easily impersonate the user from the top right section or within the user management module (if you have permissions to do so).
Notice that the account does not have access to the resource 'CMS' and misses permissions for UI element 'Administration'.
This is actually what I want, as I prefer to start without any permissions and build it up along the way. Let's apply some UI personalization. You might be prompted to enable the "Enable UI personalization" setting.
Tick the CMS and Administration boxes as illustrated in the below image.
The user will now have access to the administration section. Notice that no single module is available.
Let's add for example the form module. Tick the "Content management" box followed by "Forms'.
Tip: You can easily select/deselect all child elements using the "select all" and "clear all" links.
This however is not enough. The UI personalization only controls what the user can see. We will also need to specify actual permissions to access the forms module. Click on the permissions tab and grant permissions to read the forms module.
Once the user refreshes the page, he or she will be able to access the forms module.
Notice that the "New form" button is disabled because we did not enable the "Create form" permission. This is actually pretty neat as you have a lot of control over what the user can access.
One final cool thing is to add the forms module as tile to the default dashboard of the user. Open the "Default dashboard" tab and add the forms module.
The user will now see the forms module in the dashboard.
Tip: check out security debugging if you are having trouble finding the right permission or UI personalization setting.