Working with roles and permissions

Every now and then we are given the challenge to create custom roles specific to clients needs. In this post I would like to share with you how I typically handle the role creation and configuration of the permissions.

First of all let's start with creating a new role.

Create the role
For more details on role management check out the Kentico documentation.
Next up assign a user to the role.

Assign user to the role

Assuming the user has editorial access we can now use his or hers account to login and experience what he or she can actually access in the administration section. 

Tip: you can easily impersonate the user from the top right section or within the user management module (if you have permissions to do so).

Notice that the account does not have access to the resource 'CMS' and misses permissions for UI element 'Administration'.

Access denied to resource
This is actually what I want, as I prefer to start without any permissions and build it up along the way. Let's apply some UI personalization. You might be prompted to enable the "Enable UI personalization" setting.

Enable UI personalization
Tick the CMS and Administration boxes as illustrated in the below image.

Basic UI personalization settings

The user will now have access to the administration section. Notice that no single module is available.

Empty dashboard

Let's add for example the form module. Tick the "Content management" box followed by "Forms'.

Tip: You can easily select/deselect all child elements using the "select all" and "clear all" links.

Enable UI personalization for Forms module

This however is not enough. The UI personalization only controls what the user can see. We will also need to specify actual permissions to access the forms module. Click on the permissions tab and grant permissions to read the forms module.

Setup permissions

Once the user refreshes the page, he or she will be able to access the forms module.

Access granted to the module
Notice that the "New form" button is disabled because we did not enable the "Create form" permission. This is actually pretty neat as you have a lot of control over what the user can access.

One final cool thing is to add the forms module as tile to the default dashboard of the user. Open the "Default dashboard" tab and add the forms module.

Update default dashboard

The user will now see the forms module in the dashboard.

Updated dashboard

Tip: check out security debugging if you are having trouble finding the right permission or UI personalization setting.