The security roles
Version:
Sitecore comes with a series of predefined roles that you can use to manage user authorization on items and functionality.
| Security role | Description |
|---|---|
| Everyone | All users are assigned the Everyone role. A virtual role that is not in the role database, and is only used for assigning and resolving security. It mirrors the Windows Everyone group, and you can use it to assign access rights to every user or every user in a specific domain. It is available as a global role and a local role in every domain. Note If you select a different domain than Sitecore, you must set the read/write permissions on the |
| Analytics Advanced Testing | Gives the user access to see additional tabs and controls in the Marketing Control Panel application. You typically give this role to optimization experts who need expanded rights when performing tests, traffic allocation, and so on. |
| Analytics Content Profiling | Gives the user access to the content profiling functionality in the Experience Editor and Content Editor applications. Members of this role are:
|
| Analytics Maintaining | Gives the user access to the Campaign Creator and Marketing Control Panel applications. The role gives the user permissions to create goal or page event messages and campaigns for messages. Members of this role are:
|
| Analytics Management Reporting | Gives the user access to view the management reports for optimization efforts. This role is typically given to users working with optimization who wants to view management reports for the optimization efforts. The user can still perform tests but this is not their main objective. |
| Analytics Personalization | Gives the user access to the personalization functionality in the Experience Editor and Content Editor applications. Members of this role can create and edit personalization rules. Note Users who are Members of this role are:
|
| Analytics Reporting | Gives the user access to the Campaign Creator, Marketing Control Panel, and Experience Analytics applications. Members of this role are:
|
| Analytics Testing | Gives the user access to Test Lab in the Marketing Control Panel application, the Experience Editor test functionality, and the Content Editor application. Members of this role can create and edit test variations. Members of this role are:
|
| Author | Gives the user access to content in the content tree and provides access to basic item editing features such as the Media Library and Content Editor applications with a reduced set of tabs on the ribbon. This role is also a member of two Sitecore Client roles, so if you assign just this role to a user, the Sitecore Client Authoring and Sitecore Client Users roles are also assigned automatically. Members of this role are:
|
| Designer | Gives the user read and write access to areas of the content tree required when changing layout details for individual items and groups of items via template standard values, as well as items required when configuring the Experience Editor Presentation tab. This role also includes two Sitecore Client roles as members, so if you assign just this role to a user, the Sitecore Client Designing and Sitecore Client Users roles are also assigned automatically. This role provides access to the Experience Editor Presentation tab Layout group features and the designer options in Content Editor. Note This role is not a member of the Author and Authoring roles, so it does not allow users to edit items. Members of this role are:
|
| Developer | Gives the user access to the Content Editor content manipulation facilities plus all the design and authoring roles normally used by client authors and client designers. It also provides access to more functionality on the Content Editor ribbon to allow full development features for users assigned to this role. This role also has access to the Development Tools menu in the Sitecore menu, which gives the user access to further development tools, such as Package Designer. |
| EXM Advanced Users | Gives the user full access to all Email Experience Manager functionality. This role is a member of the List Manager Editors role. Members of this role can:
|
| EXM Users | Gives the user access to all the Email Experience Manager basic functionality such as create, send, and manage messages. This role is a member of the List Manager Editors role. |
| Forms Editor | Gives users access to the Sitecore Forms, Campaign Creator, and Marketing Control Panel applications from the Launchpad. The user can execute forms editing operations such as Edit Form, Rename Form, Move Form, and Delete Form. |
| List Manager Editors | Gives the user access to the List Manager application to manage the contact lists. This is primarily given to EXM users. Members of this role are:
|
| Marketing Automation Editors | Gives the user access to the Marketing Automation application to create, edit, and manage marketing automation campaigns. In addition, this role gives the user access to the Marketing Control Panel application to create, edit, and manage marketing definitions that are part of the automation campaigns and the Analytics workflow. |
| Sitecore Client Account Managing | Gives the user access to maintain users, roles, and domains in the Access Viewer, the Domain Manager, the Role Manager, and the User Manager applications. Members of this role are:
|
| Sitecore Client Advanced Publishing | Gives the user access to the publishing functionality in the Experience Editor and Content Editor applications. This role has access to republish in addition to the same access rights as the Sitecore Client Publishing role. |
| Sitecore Client Authoring | Gives the user access to basic item editing features. The role is intended for client users to allow access to basic authoring features. The role only influences the Content Editor commands available, it does not influence the Desktop interface's menu or the Control Panel commands. Members of this role are:
|
| Sitecore Client Bucket Management | Gives the user access rights to the /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Item Buckets item in the Core database. |
| Sitecore Client Configuring | Gives the user access to the Content Editor features that allow a user to change the configuration details associated with items such as the icon associated with the item and whether the item is protected or hidden. This role adds the Configure tab to the Content Editor application and displays the Appearance, Insert Options, and Attribute groups. Members of this role are:
|
| Sitecore Client Content Reader | Gives the user read access to the content tree items in the Content Editor and the Media Library. This role is intended for basic read access. |
| Sitecore Client Designing | Gives the user access to Experience Editor Presentation tab features that allow a user to set layout details associated with items in the Sitecore client. Members of this role are:
|
| Sitecore Client Developing | Gives the user access to application shortcuts and commands commonly required by developers. Members of this role are:
|
| Sitecore Client Maintaining | Gives the user access to template editing features and reporting tools. This role is intended for Sitecore super-users and developers. Members of this role are:
|
| Sitecore Client Publishing | Gives the user access to the publishing functionality in the Experience Editor and Content Editor applications. Users that are not members of the Publishing role can still publish but only using the automatic publishing features associated with Workflows. This role has access to Incremental publish, Smart publish, and Publish related items. Members of this role are:
|
| Sitecore Client Securing | Gives the user access rights to security features in the Content Editor and other relevant applications. This role is intended for users who need to maintain users and access rights. Members of this role are:
|
| Sitecore Client Site Managing | Gives the user the rights to write, rename, create, and delete sites and site collections available in the Content Editor and other relevant applications. |
| Sitecore Client Translating | Gives the user access to the Sitecore translation features such as the Scan the database for untranslated fields command. The role is intended for content authors who need access to languages other than the site's default language. |
| Sitecore Client Users | Gives the user minimal access to Sitecore. With this role, the user can log in to Sitecore Desktop, but cannot access any applications. All of the other Sitecore client roles are members of the Sitecore Client Users role, so users in any Sitecore client role are automatically members of the Sitecore Client Users role. |
| Sitecore Limited Content Editor | Limits the amount of Content Editor functionality provided by the Sitecore Client Authoring role (which is still required for users given this role). When a content author is assigned this role, the author only have access to the Home, Review, and Publish tabs on the Content Editor ribbon and have no access to Copy, Move, or Sort from the item's right-click menu. |
| Sitecore Limited Page Editor | Restricts the amount of functionality in the Experience Editor application. However, unlike the Minimal Page Editor role, users assigned this role see a simple version of the standard Experience Editor ribbon. This role limits the amount of functionality provided by the Sitecore Client Authoring role (which is still required for users given this role) but allows more functional access than the Sitecore Minimal Page Editor role. |
| Sitecore Local Administrators | Sitecore local administrators can log in to Sitecore and manage the security applications (including assigning security) within that domain. A local administrator cannot create domains or associate domains to users. Note The local administrator role is a member of the Sitecore Client Users, Sitecore Client Account Managing, and Sitecore Client Securing roles. You can use this role as a shortcut to adding these roles to a user. |
| Sitecore Minimal Page Editor | Restricts the Experience Editor functionality to the absolute minimum, and prevents users who have been assigned this role from accessing the Experience Editor ribbon. For example, members of the Minimal Page Editor role cannot switch personalization variations. This role limits the amount of functionality provided by the Sitecore Client Authoring role (which is still required for users given this role). |
If you have suggestions for improving this article, let us know!