Sitecore CMP security
Security in Sitecore Content Marketing Platform (CMP)™ is defined by out-of-the-box user groups and by reuse of the powerful core permissions framework. Security is enforced through Access Control Lists for users, which define READ or WRITE permissions for the content within CMP.
The roles of the user groups are enforced through the Sitecore CMP state flows (Sitecore CMP flow and ideation flow respectively).
For further information on the Sitecore CMP flow, please see CMP Flow.
The ideation flow allows any user with CREATE permissions to create a draft idea and submit it for approval.
This idea is then approved for creation by the M.Builtin.ContentAdministrators role, which is the pre-defined user group for users requiring content administration permission. M.Builtin.Editors create the content, which is then reviewed, annotated, and ultimately approved or rejected by M.Builtin.Approvers. M.Builtin.ContentAdministrators then take control of the content and take responsibility for publishing it.
User groups used in Sitecore CMP
User Group | Purpose |
---|---|
M.Builtin.ContentAdministrators | Overall content management, as well as approving and rejecting content for creation. |
M.Builtin.Editors | Creating and editing content. |
M.Builtin.Approvers | Reviewing of content: annotating, approving, and rejecting content. |
M.Builtin.CMP.Everyone | Provides READ permissions to Sitecore CMP entities created by the current user. However, under some conditions, M.Builtin.CMP.Everyone has permissions to create, update, and delete M.Content and M.Asset. |
M.Builtin.SM.Everyone | Assigns READ permissions to the states, which together build the ideation and the Sitecore CMP flows respectively. |
M.Builtin.Readers | Provides READ permissions, READ annotations permissions, and Download preview permissions. |
Custom user groups can be created by superusers, as mentioned in the security overview section.