Sitefinity Roles & Permissions | OpsBlu Docs

Sitefinity Roles & Permissions

Sitefinity CMS role-based access -- backend roles, permissions structure, widget permissions, and .NET security integration.

Sitefinity CMS (by Progress Telerik) uses a .NET-based role and permission system with granular control over backend sections, content types, and widget placement.

Built-in Roles

Role Backend Access Content Design Admin Users
Administrators Full Full Full Full Full
BackendUsers Yes Assigned No No No
Editors Yes Edit/Publish No No No
Authors Yes Create/Edit No No No
Designers Yes No Full No No
Everyone Front-end only View No No No

Permission Structure

Sitefinity permissions are organized by section:

// Permission areas in Sitefinity
// Backend > Administration > Permissions
//
// Global Permissions:
//   - Backend Access
//   - Manage Users
//   - Manage Roles and Permissions
//
// Per-Module Permissions:
//   - Content > Pages (View, Create, Modify, Delete, Change Owner)
//   - Content > News (View, Create, Modify, Delete)
//   - Content > Blog Posts (View, Create, Modify, Delete)
//   - Design > Page Templates (View, Modify)
//   - Design > Widget Templates (View, Modify)

Custom Roles

Create roles via Administration > Roles > Create a role:

// Programmatic role creation via Sitefinity API
using Telerik.Sitefinity.Security;

var roleManager = RoleManager.GetManager();
roleManager.CreateRole("AnalyticsManager");
roleManager.SaveChanges();

// Assign permissions to the role via the backend UI
// Administration > Permissions > [Section] > Set Permissions for AnalyticsManager

Analytics-Relevant Permissions

Adding analytics requires page template editing (Design permissions) or widget management:

<!-- Sitefinity: Design > Page Templates > Edit Master Page -->
<!-- Or add via a custom widget/layout control -->
<head>
  <asp:ContentPlaceHolder ID="Head" runat="server" />
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'G-XXXXXXXXXX');
  </script>
</head>

Active Directory Integration

Sitefinity integrates with Windows AD for enterprise authentication via Administration > Settings > Advanced > Security > Membership Providers.

Best Practices

  1. Use the Designers role for front-end developers who need template but not content access
  2. Create a custom AnalyticsManager role with Design > Page Templates permissions only
  3. Restrict Administrators role to IT staff and site owners
  4. Use the Authors role for content creators without publish permissions
  5. Leverage AD integration for enterprise SSO rather than managing Sitefinity accounts separately
Back to top