This guide will explain how to define, create, and manage users in the backoffice
Users (not to be confused with Members) are people who have access to the Umbraco backoffice. These could include Content Editors, Translators, Web Designers, and Developers.
This guide will explain how to define, create, and manage users in the backoffice.
Go to the Users section. Here, you will see an overview of all the current backoffice users.
To create a new user select the Invite user button. You will be prompted to add a Name and an Email for the new user. You will also need to select which User group the new user should be added to and enter a Message for the invitation.
Once you have created the user, an autogenerated password will be provided. This password needs to be used to access the account.
There are default properties on every user that can be defined:
Change/Remove photo.
Change Password (provides an option to set a new password).
Disable (allows one to disable service access).
Update the email for the user.
Language (sets the backoffice language of the user account).
User Group (determines the scope of access in the backoffice)
Start nodes for both Content and Media sections to limit access
By default, the User Groups available to new users are Administrators, Writers, Editors, Translators, and Sensitive Data.
Administrator: Can do anything when editing nodes in the content section (has all permissions).
Editor: Allowed to create and publish content items or nodes on the website without approval from others or restrictions (has permissions to Public Access, Rollback, Browse Node, Create Content Template, Delete, Create, Publish, Unpublish, Update, Copy, Move and Sort).
Writer: Allowed to browse nodes, create nodes, and request for publication of items. Not allowed to publish directly without someone else's approval like an Editor (has permissions to Browse Node, Create, Send to Publish, and Update).
Translator: These are used for translating your website. Translators are allowed to browse and update nodes as well as grant dashboard access. Translations of site pages must be reviewed by others before publication (has permissions to Browse Node and Update).
Sensitive data: Any users added to this User group will have access to view any data marked as sensitive. Learn more about this feature in the Sensitive Data article.
You can also create your own custom User Groups and add properties and tabs as you would with Document Types and Member Types.
Go to the Users section and select the Groups tab in the top-right corner.
Select Create Group and you will be taken to the User Group editor. Here you can define and edit the User Group through custom settings and properties.
Shows basic information about the User Group and settings for custom properties.
Name: The name of the User Group is shown in the User Group tab.
Alias: Used to reference the User Group in code - the alias will be auto-generated based on the name.
Assign access: Define which sections and languages the users will have access to, and if the users should have access to only some or all content and media.
Default Permissions: Select the default permissions granted to users of the User Group.
Granular permissions: Define a specific node the users in the group should have access to.
Users: Add users to the new group.
Depending on which User Group a user is added to, each user has a set of permissions associated with their accounts. These permissions either enable or disable a user's ability to perform its associated function.
The available user permissions are defined under Default Permissions in the User group.
When a new user is created, you can set specific permissions for that user on different domains and subdomains. You can also set permissions on different User Groups, even for the default types.
As a developer, you are only able to leverage your website from the backoffice when you build on the Users section of Umbraco. This is because the Users section is restricted to the Umbraco backoffice.
Umbraco Forms has a backoffice security model integrated with Umbraco Users. You can manage the details in the Users section of the backoffice, within a tree named Forms Security.
This guide will explain the API Users concept and how they differ from regular Users how to define
API Users allow for authorizing external access to the Management API.
An API User is identical to a regular User except for one thing: It has no password. In fact, API Users are not allowed to log into the backoffice like regular Users.
Instead, API Users hold the Client Credentials used to authorize against the Management API. When an external source authorizes using Client Credentials, it effectively assumes the identity of the API User.
Since API Users are identical to regular Users their backoffice access can be controlled in the same way. This allows for imposing detailed access control on the external sources connected to the Management API.
Client IDs for API Users are explicitly prefixed with umbraco-back-office-
. This guards against API Users accidentally taking over one of the Client IDs used by the Umbraco core.