Created: 18 Jan 2018, last update: 30 Jan 2022
New User Roles in Sitecore 9
In Sitecore 9 there are some new user roles, and a few have been removed. For Sitecore 8, see: New Roles in Sitecore 8. The Sitecore Security Rights Reporting Module now also supports Sitecore 9. With its knowledge of all roles and settings, you can see all rights, which rights are custom, which rights are missing, and which rights are set for a specific user or role, or for all rights. You can download the Rights Module for Sitecore here: https://github.com/jbluemink/Sitecore-Security-Rights-Reporting
New in Sitecore 9:
sitecore\Forms Editor
sitecore\Marketing Automation Editors
New in Sitecore 9 Update-1:
sitecore\EXM Users
sitecore\EXM Advanced Users
EXM (Sitecore Email Experience Manager) is part of the core product as of Sitecore 9 Update-1 and is no longer a separate module. For versions below Email Experience Manager 3.5, the roles are called ECM Users and ECM Advanced Users. There are over 1,000 breaking changes in EXM.
Deleted roles:
sitecore\Experience Explorer
sitecore\Facebook Message Reviewer
sitecore\Sitecore Client Social Authoring
sitecore\Social Marketer Message Reviewer
sitecore\Social Message Author
sitecore\Social Message Workflow Editor
sitecore\Social Message Workflow Reviewer
sitecore\Twitter Message Reviewer
Social Connect is removed from Sitecore 9.
In more detail, this is what the roles do:
See also The security roles
sitecore\Forms Editor
New in Sitecore 9. With the Forms Editor role, a user can access the Sitecore Forms application from the Launchpad and is able to create, edit, and delete forms.
See: the security roles in Sitecore Forms
Item Rights set on account sitecore\Forms Editor on core Database
/sitecore/client/Applications/Launchpad/PageSettings/Buttons/Marketing/Forms | Read right for items. | item:read | AllowAccess | Entity
Item Rights set on account sitecore\Forms Editor on master Database
/sitecore/Forms | Read right for items. | item:read | AllowAccess | Entity
/sitecore/Forms | Create right for items. | item:create | AllowAccess | Entity
/sitecore/Forms | Rename right for items. | item:rename | AllowAccess | Descendants
/sitecore/Forms | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/Forms | Delete right for items. | item:delete | AllowAccess | Descendants
/sitecore/Forms | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/Forms | Write right for items. | item:write | AllowAccess | Descendants
sitecore\Marketing Automation Editors
New in Sitecore 9. Gives the user access to the Marketing Automation application so they can create, edit, and manage marketing automation campaigns. In addition, this role gives the user access to the Marketing Control Panel application so they can create, edit, and manage marketing definitions that are part of the automation campaigns and the Analytics workflow.
No rights found in a vanilla Sitecore Database for the role.
sitecore\EXM Users
For Email Experience Manager 3.5 and higher. Gives the user access to all the basic functionality in the Email Experience Manager, such as create, send, and manage messages. This role is a member of the List Manager Editors role.
Item Rights set on account sitecore\EXM Users on core Database
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Read right for items. | item:read | AllowAccess | Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Rename right for items. | item:rename | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Delete right for items. | item:delete | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Create right for items. | item:create | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Admin right for items. | item:admin | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Write right for items. | item:write | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Create Bucket | bucket:makebucket | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Revert Bucket | bucket:unmake | DenyAccess | Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator | Read right for items. | item:read | DenyAccess | Entity
Item Rights set on account sitecore\EXM Users on master Database
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Delete right for items. | item:delete | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Admin right for items. | item:admin | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Rename right for items. | item:rename | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Delete right for items. | item:delete | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Admin right for items. | item:admin | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Create right for items. | item:create | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Rename right for items. | item:rename | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Read right for items. | item:read | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types | Write right for items. | item:write | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Admin right for items. | item:admin | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Rename right for items. | item:rename | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Admin right for items. | item:admin | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Create right for items. | item:create | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Rename right for items. | item:rename | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Read right for items. | item:read | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages | Write right for items. | item:write | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Read right for items. | item:read | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root | Read right for items. | item:read | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/layout/Layouts/System/Email | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/layout/Layouts/System/Email | Create right for items. | item:create | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Read right for items. | item:read | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Write right for items. | item:write | AllowAccess | Entity
sitecore\EXM Advanced Users
For Email Experience Manager 3.5 and higher. Gives the user full access to all the functionality in the Email Experience Manager. This role is a member of the List Manager Editors role. Members of this role can:
-Delete a message.
-Change the default settings.
-Open or edit the engagement plan.
-Change the recipient lists of a subscription message.
-Save a message as a subscription message template.
-Change the target device.
Item Rights set on account sitecore\EXM Advanced Users on core Database
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Read right for items. | item:read | AllowAccess | Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
Item Rights set on account sitecore\EXM Advanced Users on master Database
/sitecore/templates/Branches/System/Email/Manager Root/$name | Delete right for items. | item:delete | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Admin right for items. | item:admin | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Rename right for items. | item:rename | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name | Delete right for items. | item:delete | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Admin right for items. | item:admin | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Create right for items. | item:create | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Rename right for items. | item:rename | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Read right for items. | item:read | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name | Write right for items. | item:write | AllowAccess | Entity
/sitecore/system/Settings/Email | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/system/Settings/Email | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/system/Settings/Email | Read right for items. | item:read | AllowAccess | Entity
/sitecore/system/Settings/Email | Write right for items. | item:write | AllowAccess | Entity
/sitecore/templates/Branches/System/Email/Manager Root | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/templates/Branches/System/Email/Manager Root | Read right for items. | item:read | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Wildcard right. For internal use only. | * | AllowInheritance | Descendants
/sitecore/layout/Layouts/System/Email | Create right for items. | item:create | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Read right for items. | item:read | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Write right for items. | item:write | AllowAccess | Descendants
/sitecore/layout/Layouts/System/Email | Wildcard right. For internal use only. | * | AllowInheritance | Entity
/sitecore/layout/Layouts/System/Email | Create right for items. | item:create | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Read right for items. | item:read | AllowAccess | Entity
/sitecore/layout/Layouts/System/Email | Write right for items. | item:write | AllowAccess | Entity