Site-specific users

In the enterprise environment, you often are tasked to manage and create content for multiple sites. In such cases, it is practical to divide the site management into different teams.

This facilitates you in your process to align with regulations, such as GDPR and CCPA, which mandate that a minimal amount of people should have access to customer information. It also simplifies the organization structure and facilitates your everyday tasks by enabling you to access and manage only the sites relevant to your goals. Such isolation prevents one team from accessing or deleting the information belonging to another team.

For example, you can have different product groups in the same company that take care of separate product sites; or you can have a company with franchise or dealership network where each licensee or dealer has own site.

Sitefinity CMS enables you to organize and assign access to different sites using User groups.
User groups allow you to group different user accounts and let them log into, manage, or change the content only to a group of sites that are relevant to them. User groups govern what sites a particular user account can work with, while the permissions govern which resources are available within these sites.

By default, the user groups are disabled, and all user accounts can interact with all sites. Thus, administrators can log in to every site’s backend, modify, or delete them. Content editors can access information or modify content on all sites unless their permissions explicitly deny this.

For more information, see Provider model, Authentication, and Users.

When user groups are enabled, you have two types of administrators - local and global. The local administrators are administrators of one particular user group and all the sites that this group belongs to, while the global administrators are administrators of the entire Sitefinity CMS instance.

IMPORTANT: User groups are not a strict security boundary. If for example, a site uses two user groups, the administrators that belong to one of the groups can create other administrator accounts in the other user groups that the site uses. If one such group is the Default group, she can create an administrator account with full access to your entire Sitefinity CMS backend. To avoid this, use only one user group per site.

Local administrators

• Local administrators can log into and manage only the sites that use the user group to which their account belongs.
• If local administrators can access multiple sites, they can use the site selector in the top-left corner, but Manage sites and Settings links are not available.
• Local administrators have access only to the Page templates page in the Design section.
• Local administrators have access only to the following configurations in the Settings section:
• Users 
  They can manage only the user accounts that belong to their user group.
• Site shield
  Only if the site shield is enabled by a global administrator for the entire Sitefinity CMS instance.
• Translations
• Alternative publishing
• Sitemap
• Local administrators can manage only the following Basic settings:
  • Time zone
  • System email templates
• Local administrators can manage only Advanced settings that have been configured to have per-site values.
  For more information, see Site-specific settings.
• Local administrators have access only to the Personalization page of the Marketing section.

Global administrators

The only difference is when you are a global administrator and access a basic or advanced setting, which is available per-site. These settings have dropdown boxes next to their names where you can select which user group they apply to.

NOTE: You can choose to override the setting, which is configured by a local administrator, and set it to a specific value per site, or remove the per-site value and let the setting use the value shared among all sites.

You should not allow shared content to be edited by local users.

EXAMPLE: You have two sites, Site A and Site B, which share a content provider, such as a shared image library. Using User groups, you set up some backend users to have access to only Site A and other backend users to have access to only Site B. In this case, by default, users of site A can modify the content of the shared library and thus affect the content of Site B.

There are the following approaches to avoid this scenario:

• Set proper permissions to the shared libraries so that the limited users have only read-only access and let only the global users modify the library content. For more information, see Permissions for libraries.
• Organize your user groups and content sources in such ways that the sites have the same user groups and shared content sources.

Once you have configured multiple user groups, you can control whether your users need to manually choose the user group their account belongs to when they log into the Sitefinity CMS backend of your site.

By default, Sitefinity CMS automatically searches the account in all user groups beginning with the Default user group and authenticates the user in the first user group that contains the user credentials. The users cannot choose the user group in the UI of the login form. To enable your users to be able to manually select the user group for authentication, perform the following:

1. Log into Sitefinity CMS backend as a global administrator.
2. Navigate to Administration » Settings » Advanced » Security.
3. To enable the users to manually choose the user group of their account when logging in, choose Manual in the Membership provider selection on login. Otherwise, choose Auto.
4. Save your changes.

Authentication with separate User groups is not working when your site has subfolders
For example, yoursite.com/eu and yoursite.com/us. For more information see Create sites.
To avoid this scenario, you can:

• Expose your sites as subdomains, such as eu.example.com and us.example.com.
  
• Expose your sites not as subfolders, but as different sites, such as yoursite-eu.com and yoursite-us.com.