User access and permissions
In Sitecore Content Hub, as a superuser, there are various settings you can configure to determine which features a user can access and which actions they can perform, including:
-
User group policies - these determine who has access to what, and which actions they can perform.
-
Module assignment - the modules assigned to a user or user group grant certain permissions and give access to various portal pages and entities.
-
User group membership - each member of a user group inherits the permissions defined in the group's policies.
-
Project roles - grant access to (and determine permissions for) projects, jobs, stages. Similarly, user roles grant access and determine permissions for asset collections and content collections.
If your organization is using Sitecore Cloud Portal, you can't create new users locally. In this case, you invite new users to your Cloud Portal organization and assign roles to them from there. Then, you can add your new users to the groups you want in Content Hub.
For example, let's say you want the Demo.Photographer user to only see their assigned tasks on the Tasks page. To achieve this, the Demo.Photographer:
-
Is assigned the Project module.
-
Is a member of the W.Photographers user group, which assigns Read permission for Portal.Page definitions only.
-
Is a member of the Everyone user group, which assigns the minimum permissions required by a user in Content Hub; and the M.Builtin.Project.Everyone user group, which assigns Read permission for pages related to projects, tasks, and jobs.
-
Has no project roles.
The following image illustrates the various permission layers.