Granular permissions for individual items

Consider the following use case:

You want to create a custom role, which enables users to:

  • View all blogs and their blog posts
  • Edit and delete a particular blog
  • Create, edit and delete blog posts of only this particular blog

Users in this role are not able to:

  • Create any blogs
  • Edit or delete any blogs, except a particular one 
  • Create, edit or delete any blog post in blogs other than this particular blog.

To accomplish this, perform the following:

  1. Create a custom role
    Create a dedicated role whose users will be able to edit only one blog and its posts.
    Perform the following:
    1. In the Sitefinity CMS backend, Administration » Roles » Create a role.
    2. In the input files, enter BlogEditors and click Create.
      Go back to the Dashboard. 
  2. Setup the global permissions for blogs.
    Perform the following:
    1. In the Sitefinity CMS backend, click Administration » Permissions » by Section » Blogs.
    2. Under sections Create a blog, Delete blog and posts, and Modify blog and manage posts, perform the following:
      1. Click Change.
      2. Select the Explicitly deny this to selected roles and users: checkbox and click Add roles or users.
      3. Select role BlogEditors and click Done selecting » Done.
        Go back to the Dashboard.
  3. Setup individual blog permissions.
    Perform the following:
    1. Click Content » Blogs.
    2. Expand the Actions link of the blog for which you want the BlogEditors role to have permission to modify and manage its blog posts.
    3. In the dropdown box, select Permissions.
    4. Click Break inheritance.
    5. Under sections Delete this blog and its posts and Update this blog and manage its blog posts, perform the following:
      1. Click Change.
      2. Under Advanced, remove BlogEditors role and deselect Explicitly deny this to selected roles and users: checkbox.
      3. Select Selected roles or users radio button and click Add roles or users.
      4. Select the BlogEditors role and click Done selecting » Done.

RESULT: All users assigned in role BlogEditors can edit and delete only one particular blog. They can also create, edit, and delete blog posts in this blog. For all other blogs they have only view permissions.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?