In any content management system your editors are central to the management of your content. It’s important to give them the right level of access so they are not restricted, but at the same time protecting certain areas of the website that they may not be responsible for.

You may even have some editors that are not employees of your company, they may work for an external agency. Umbraco has all the tools you need to manage this scenario successfully.

In Umbraco, website editors are managed in the Users section as shown here:

Overview of all users

Overview of all users


Creating a new user

There are two ways to create new users in Umbraco:

1. Create a user with a default password
The traditional way is to create a user and assign them an initial password. They can then change their password to something more memorable when they first login. This methods relies on the administrator communicating the login details with the users, typically by email.

2. Invite a user by email
This is the most secure way to create a new user because your are not distributing login details. Instead you create the account and the user then gets an email inviting them to complete the account creation by following a secure link and generating their own password. This means the administrator never needs to know what the password is.

By default, an editor's username is their email address, but this can be configured differently for each website as required.

Generate invitation for a new user with a custom welcome message

Generate invitation for a new user with a custom welcome message


User Groups

User permissions can be set at a very granular level, but most of the time each user will have a role that’s common to most websites.

Overview of all user groups

Overview of all user groups

Umbraco provides the following User Groups out of the box:

Administrator
Has complete access to all features of the website backoffice, including advanced developer features.

Editor
Allowed to create and publish content without approval from others.

Writer
Allowed to browse and create pages but must request publication from an Editor or Administrator.

Translator
Allowed to browse and update pages for translation but pages must be reviewed before publication.

Create your own
You can create your own user group with custom permissions. This is very useful if you have very specific requirements for editing your content and have a large number or high turnover of editors.


Restricting access

Start Nodes/Pages

Say you have an editor that is only responsible for updating your news posts on your website. You can create a user account, assign the Editors User Group, and then further restrict them to only have access to the News section.

Because Umbraco content is hierarchical in nature, giving someone access to the News landing page will result in them inheriting access to all of the Posts beneath. You can think of it the same way as granting permissions to folders on your network.

Setting the start node to limit user access to the News pages

Setting the start node to limit user access to the News pages

Granular Permissions

In addition to restricting access by sections, you can also specify what each user can do at a very granular level, toggling permission to the following:

  • Assign culture / language
  • Protect content (behind a login page)
  • Rollback to previous version
  • Browse the website pages in the backoffice
  • Create Content Templates
  • Delete
  • Create
  • Publish
  • Set Permissions
  • Unpublish
  • Update
  • Copy
  • Move
  • Sort.

Typically, you’ll find the permissions provided by the built in User Groups will fit all of your needs. If you find you are using the same custom permissions over and over again, this would be a good reason for creating a custom User Group.

Changing permissions for the Editors user group

Changing permissions for the Editors user group


Disabling Access

You may have editors that have left your company or changed role and no longer require access to the website content managements system. Instead of deleting them, it’s best to disable access so you can retain the history of who updated the content.

The Users section gives you instant visibility over which users are active and disabled. Re-enabling a user is just a case of clicking a button.

Example of a disabled user account

Example of a disabled user account


Unlocking

A security feature of Umbraco is to lock a user account if there have been too many unsuccessful login attempts. The number of attempts allowed is configurable for each website, you can also turn it off altogether.

Again, unlocking a user account is just a case of clicking a button.

Example of a locked-out user account

Example of a locked-out user account

Summary

We hope this article has given you a good overview of what’s possible in the User section and how Umbraco can help you manage your content editors easily, securely and effectively. If you have any questions, please get in touch with us!