Managing access to content in Umbraco
Fine-grained management of Users’ permissions isn’t an exciting subject for a blog post, but for websites managed by more than one or two people, knowing who does what can be critical.
We’ve worked on a number of websites and content management systems where Editors bemoan how locked down the system is, and as a result everyone uses the same super-user login. But with a little thought and effort, tweaking the permissions settings in Umbraco can mean that the right people can do their job with the minimum of effort, and still remain compliant with security best practice.
Permission Types in Umbraco
Out of the box, Umbraco features a number of groups including Writers (who can create content but not publish), Editors (who can write and publish) and Administrators (who can control access for other Users). Starting with a named user for each individual, ensuring that they have Editor or Writer access, and restricting Administrator access to a select few will bring you closer to what most people would consider to be security best practice.
As the number of users who are responsible for managing the system increases, you may want to be choosier about the access you grant them. For junior and inexperienced users, it’s often useful to grant them Writer access and to restrict them to certain parts of the Umbraco Content Tree. These users can then create new content and save their changes, but will have to ask an Editor to Publish their changes.
In one large organisation with around 20-30 editors who were responsible for different areas of the site, we would restrict the Start Node so that people could only see the subsection of the site they were responsible for, but they had complete Editor Control in that section and so could Publish changes. For example, the Head of Customer Services could log in to Umbraco, but only see the Customer Services knowledge base.
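The group and Start Node rules described above can be expressed as a small access model with an audit pass. This is an added example, not Umbraco code or code from the original post; the action names, the content tree, the accounts and the administrator allowlist are all constructed assumptions.

```python
"""Simplified model of the group + Start Node rules described in the post.
Not Umbraco code: action names, tree layout and accounts are assumptions."""
from dataclasses import dataclass

# What each built-in group may do, following the post's description.
GROUP_ACTIONS = {
    "Writers": {"browse", "create", "save"},
    "Editors": {"browse", "create", "save", "publish"},
    "Administrators": {"browse", "create", "save", "publish", "manage_users"},
}

# Constructed content tree: node name -> names on the path from the root.
TREE = {
    "Home": ("Home",),
    "News": ("Home", "News"),
    "Customer Services": ("Home", "Customer Services"),
    "Returns FAQ": ("Home", "Customer Services", "Returns FAQ"),
}

@dataclass(frozen=True)
class User:
    login: str
    group: str
    start_node: str = "Home"  # root of the tree, i.e. no restriction

def can(user: User, action: str, node: str) -> bool:
    """Allow only if the node is at or below the user's Start Node
    AND the user's group grants the action."""
    in_scope = user.start_node in TREE[node]
    return in_scope and action in GROUP_ACTIONS.get(user.group, set())

def audit(users, admin_allowlist):
    """Flag accounts that drift from the practices the post recommends."""
    findings = []
    for u in users:
        if u.group == "Administrators" and u.login not in admin_allowlist:
            findings.append((u.login, "administrator not on the approved list"))
        if u.group == "Writers" and u.start_node == "Home":
            findings.append((u.login, "writer with no Start Node restriction"))
    return findings

# Constructed sample accounts, one named login per person.
USERS = [
    User("head.cs", "Editors", "Customer Services"),
    User("junior.w", "Writers", "News"),
    User("temp.w", "Writers"),
    User("site.admin", "Administrators"),
    User("old.agency", "Administrators"),
]
```

Running `audit(USERS, {"site.admin"})` over a periodic export of real accounts gives a quick review list of where permissions have drifted.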
If you’d like help understanding how to use the Umbraco User Management Features then give us a call.