Kentico Xperience 13 documentation and ASP.NET Core

Most documentation about running Xperience applications under ASP.NET Core can be found in a dedicated section: Developing Xperience applications using ASP.NET Core. The rest of the documentation still applies, but some code samples and scenarios might need slight modifications for Core projects.

All major differences between the MVC 5 and Core platforms are summarized in Migrating to ASP.NET Core.

×

Permission model overview

Xperience provides a flexible security model that allows you to configure granular access permissions for pages and applications in the administration interface.

The security model consists of:

Relationships between users, roles and permissions

The following figure shows how users are assigned to roles and how permissions for pages and applications are granted to users and roles:

Permissions model in Kentico

Users can be members of any number of roles. Permissions for particular pages can be granted to users directly. If you want to grant module permissions to a user, you need to make the user a member of a role, and grant the permissions to the role.

Each user has a privilege level that controls access to the administration interface, and can override permission requirements (for administrator levels).

Roles in Xperience are fully customizable. You are not limited to a predefined set of roles. Instead, you can define your own roles with custom sets of permissions.

If a user is a member of multiple roles, their permissions for modules are calculated as a sum of all permissions granted to all roles.

If permissions for pages are granted to both a user and their roles, page permissions are calculated as a sum of all permissions granted to the user and to all roles. If you deny a page permission for a user or one of their roles, then the result is always "denied" for the given permission, even if some of the roles are allowed to perform the action.


Was this page helpful?