The security roles
XM Cloud comes with a series of predefined roles that you can use to manage user authorization on items and functionality.
Security role |
Description |
---|---|
Everyone |
All users are assigned the Everyone role. A virtual role that is not in the role database, and is only used for assigning and resolving security. It mirrors the Windows Everyone group, and you can use it to assign access rights to every user or every user in a specific domain. It is available as a global role and a local role in every domain. Note If you select a different domain than Sitecore, you must set the read/write permissions on the Languages node for one of the base roles or for the Everyone role for that domain. |
Author |
Gives the user access to content in the content tree and provides access to basic item editing features such as the Media Library and Content Editor applications with a reduced set of tabs on the ribbon. This role is also a member of two Sitecore Client roles, so if you assign just this role to a user, the Sitecore Client Authoring and Sitecore Client Users roles are also assigned automatically. Members of this role are:
|
Designer |
Gives the user read and write access to areas of the content tree required when changing layout details for individual items and groups of items via template standard values, as well as items required when configuring the Experience Editor Presentation tab. This role also includes two Sitecore Client roles as members, so if you assign just this role to a user, the Sitecore Client Designing and Sitecore Client Users roles are also assigned automatically. This role provides access to the Experience Editor Presentation tab Layout group features and the designer options in Content Editor. Note This role is not a member of the Author and Authoring roles, so it does not allow users to edit items. Members of this role are:
|
Developer |
Gives the user access to the Content Editor content manipulation facilities plus all the design and authoring roles normally used by client authors and client designers. It also provides access to more functionality on the Content Editor ribbon to allow full development features for users assigned to this role. This role also has access to the Development Tools menu in the Sitecore menu, which gives the user access to further development tools, such as Package Designer. |
Sitecore Client Account Managing |
Gives the user access to maintain users, roles, and domains in the Access Viewer, the Domain Manager, the Role Manager, and the User Manager applications. Members of this role are:
|
Sitecore Client Advanced Publishing |
Gives the user access to the publishing functionality in the Experience Editor and Content Editor applications. This role has access to republish in addition to the same access rights as the Sitecore Client Publishing role. |
Sitecore Client Authoring |
Gives the user access to basic item editing features. The role is intended for client users to allow access to basic authoring features. This role only influences the Content Editor commands available, it does not influence the Desktop interface's menu or the Control Panel commands. Members of this role are:
|
Sitecore Client Bucket Management |
Gives the user access rights to the /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Item Buckets item in the Core database. |
Sitecore Client Configuring |
Gives the user access to the Content Editor features that allow a user to change the configuration details associated with items such as the icon associated with the item and whether the item is protected or hidden. This role adds the Configure tab to the Content Editor application and displays the Appearance, Insert Options, and Attribute groups. Members of this role are:
|
Sitecore Client Content Reader |
Gives the user read access to the content tree items in the Content Editor and the Media Library. This role is intended for basic read access. |
Sitecore Client Designing |
Gives the user access to Experience Editor Presentation tab features that allow a user to set layout details associated with items in the Sitecore client. Members of this role are:
|
Sitecore Client Developing |
Gives the user access to application shortcuts and commands commonly required by developers. Members of this role are:
|
Sitecore Client Maintaining |
Gives the user access to template editing features and reporting tools. This role is intended for Sitecore super-users and developers. Members of this role are:
|
Sitecore Client Publishing |
Gives the user access to the publishing functionality in the Experience Editor and Content Editor applications. Users that are not members of the Publishing role can still publish but only using the automatic publishing features associated with Workflows. This role has access to Incremental publish, Smart publish, and Publish related items. Members of this role are:
|
Sitecore Client Securing |
Gives the user access rights to security features in the Content Editor and other relevant applications. This role is intended for users who need to maintain users and access rights. Members of this role are:
|
Sitecore Client Site Managing |
Gives the user the rights to write, rename, create, and delete sites and site collections in relevant applications available in XM Cloud. |
Sitecore Client Translating |
Gives the user access to the Sitecore translation features such as the Scan the database for untranslated fields command. This role is intended for content authors who need access to languages other than the site's default language. |
Sitecore Client Users |
Gives the user minimal access to Sitecore. With this role, the user can log in to Sitecore Desktop, but cannot access any applications. All of the other Sitecore client roles are members of the Sitecore Client Users role, so users in any Sitecore client role are automatically members of the Sitecore Client Users role. |
Sitecore Limited Content Editor |
Limits the amount of Content Editor functionality provided by the Sitecore Client Authoring role (which is still required for users given this role). When a content author is assigned this role, the author only have access to the Home, Review, and Publish tabs on the Content Editor ribbon and have no access to Copy, Move, or Sort from the item's right-click menu. |
Sitecore Limited Page Editor |
Restricts the amount of functionality in the Experience Editor application. However, unlike the Minimal Page Editor role, users assigned this role see a simple version of the standard Experience Editor ribbon. This role limits the amount of functionality provided by the Sitecore Client Authoring role (which is still required for users given this role) but allows more functional access than the Sitecore Minimal Page Editor role. |
Sitecore Local Administrators |
Sitecore local administrators can log in to Sitecore and manage the security applications (including assigning security) within that domain. A local administrator cannot create domains or associate domains to users. Note The local administrator role is a member of the Sitecore Client Users, Sitecore Client Account Managing, and Sitecore Client Securing roles. You can use this role as a shortcut to adding these roles to a user. |
Sitecore Minimal Page Editor |
Restricts the Experience Editor functionality to the absolute minimum, and prevents users who have been assigned this role from accessing the Experience Editor ribbon. For example, members of the Minimal Page Editor role cannot switch personalization variations. This role limits the amount of functionality provided by the Sitecore Client Authoring role (which is still required for users given this role). |