Roles in Sitecore 9

Created: 18 Jan 2018, last update: 30 Jan 2022

New User Roles in Sitecore 9

In Sitecore 9 some new user roles were added and a few were removed; for Sitecore 8, see: New Roles in Sitecore 8. The Sitecore Security Rights Reporting Module is now also available for Sitecore 9. It knows all roles and settings, so you can list all rights, see which rights are custom and which are missing, and see which rights apply to a specific user or role, or to all of them. You can download the Rights Module for Sitecore here: https://github.com/jbluemink/Sitecore-Security-Rights-Reporting

New in Sitecore 9:
sitecore\Forms Editor
sitecore\Marketing Automation Editors

New in Sitecore 9 Update-1:
sitecore\EXM Users
sitecore\EXM Advanced Users

EXM, the Sitecore Email Experience Manager, is now part of the core product in Sitecore 9 Update-1 and is no longer a separate module. For versions below Email Experience Manager 3.5 the roles are called ECM Users and ECM Advanced Users. There are also over 1,000 breaking changes in EXM.

Deleted roles:

sitecore\Experience Explorer
sitecore\Facebook Message Reviewer
sitecore\Sitecore Client Social Authoring
sitecore\Social Marketer Message Reviewer
sitecore\Social Message Author
sitecore\Social Message Workflow Editor
sitecore\Social Message Workflow Reviewer
sitecore\Twitter Message Reviewer

Social connect is removed from Sitecore 9.


In more detail, this is what the roles do:
See also The security roles

sitecore\Forms Editor

New in Sitecore 9. With the Forms Editor role, a user can access the Sitecore Forms application from the Launchpad and is able to create, edit, and delete forms.

See: the security roles in Sitecore forms

Item Rights set on account sitecore\Forms Editor on core Database

/sitecore/client/Applications/Launchpad/PageSettings/Buttons/Marketing/Forms Read right for items. item:read AllowAccess Entity

Item Rights set on account sitecore\Forms Editor on master Database

/sitecore/Forms Read right for items. item:read AllowAccess Entity
/sitecore/Forms Create right for items. item:create AllowAccess Entity
/sitecore/Forms Rename right for items. item:rename AllowAccess Descendants
/sitecore/Forms Create right for items. item:create AllowAccess Descendants
/sitecore/Forms Delete right for items. item:delete AllowAccess Descendants
/sitecore/Forms Read right for items. item:read AllowAccess Descendants
/sitecore/Forms Write right for items. item:write AllowAccess Descendants
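
The listing above can serve as a baseline when auditing an instance. The following added example (not part of the original post or of the Rights Reporting Module) parses lines in this page's layout and reports rights that are missing, custom, or changed relative to the vanilla sitecore\Forms Editor set on the master database. It assumes the instance's rights are available in the same one-line layout; the `CURRENT` sample is constructed.

```python
import re

# Every listing line on this page ends with "<right> <permission> <propagation>".
TAIL = re.compile(r"\s(\S+)\s(AllowAccess|DenyAccess|AllowInheritance)\s(Entity|Descendants)$")
# Labels printed between the item path and the right name, as they appear on this page.
LABELS = {"*": "Wildcard right. For internal use only.",
          "bucket:makebucket": "Create Bucket", "bucket:unmake": "Revert Bucket"}

def parse(line):
    """Split one listing line into (path, right, permission, propagation)."""
    line = line.strip()
    m = TAIL.search(line)
    if not m:
        raise ValueError(f"unrecognised rights line: {line!r}")
    right, permission, propagation = m.groups()
    label = LABELS.get(right) or right.partition(":")[2].capitalize() + " right for items."
    head = line[:m.start()]
    if not head.endswith(label):
        raise ValueError(f"label does not match {right!r}: {line!r}")
    return head[:-len(label)].rstrip(), right, permission, propagation

def audit(baseline_lines, current_lines):
    """Diff two listings keyed on (path, right, propagation)."""
    def index(lines):
        return {(p, r, prop): perm for p, r, perm, prop in map(parse, lines)}
    base, cur = index(baseline_lines), index(current_lines)
    return {"missing": sorted(k for k in base if k not in cur),
            "custom": sorted(k for k in cur if k not in base),
            "changed": sorted((k, base[k], cur[k]) for k in base
                              if k in cur and base[k] != cur[k])}

# Baseline: the Forms Editor rights on the master database, copied from this page.
BASELINE = """\
/sitecore/Forms Read right for items. item:read AllowAccess Entity
/sitecore/Forms Create right for items. item:create AllowAccess Entity
/sitecore/Forms Rename right for items. item:rename AllowAccess Descendants
/sitecore/Forms Create right for items. item:create AllowAccess Descendants
/sitecore/Forms Delete right for items. item:delete AllowAccess Descendants
/sitecore/Forms Read right for items. item:read AllowAccess Descendants
/sitecore/Forms Write right for items. item:write AllowAccess Descendants
""".splitlines()

# Constructed sample: delete grant removed, write turned into a deny, admin grant added.
CURRENT = [l.replace("item:write AllowAccess", "item:write DenyAccess")
           for l in BASELINE if "item:delete" not in l]
CURRENT.append("/sitecore/Forms Admin right for items. item:admin AllowAccess Descendants")

if __name__ == "__main__":
    print(audit(BASELINE, CURRENT))
```

A custom `item:admin` grant or a grant flipped to `DenyAccess` shows up under `custom` or `changed`, which is where review effort should go first.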

 

sitecore\Marketing Automation Editors

New in Sitecore 9. Gives the user access to the Marketing Automation application so they can create, edit, and manage marketing automation campaigns. In addition, this role gives the user access to the Marketing Control Panel application so they can create, edit, and manage marketing definitions that are part of the automation campaigns and the Analytics workflow.

No rights found in a vanilla Sitecore Database for the role.

sitecore\EXM Users

For Email Experience Manager 3.5 and higher. Gives the user access to all the basic functionality in the Email Experience Manager, such as create, send, and manage messages. This role is a member of the List Manager Editors role.

Item Rights set on account sitecore\EXM Users on core Database

/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Read right for items. item:read AllowAccess Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Read right for items. item:read AllowAccess Descendants
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Rename right for items. item:rename DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Delete right for items. item:delete DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Create right for items. item:create DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Admin right for items. item:admin DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Write right for items. item:write DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Create Bucket bucket:makebucket DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Revert Bucket bucket:unmake DenyAccess Entity
/sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Navigation Links/Dashboard/Administrator Read right for items. item:read DenyAccess Entity

Item Rights set on account sitecore\EXM Users on master Database

/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Delete right for items. item:delete AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Admin right for items. item:admin AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Create right for items. item:create AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Rename right for items. item:rename AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Write right for items. item:write AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Delete right for items. item:delete AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Admin right for items. item:admin AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Create right for items. item:create AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Rename right for items. item:rename AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Read right for items. item:read AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Message Types Write right for items. item:write AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Admin right for items. item:admin AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Create right for items. item:create AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Rename right for items. item:rename AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Write right for items. item:write AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Admin right for items. item:admin AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Create right for items. item:create AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Rename right for items. item:rename AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Read right for items. item:read AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name/Messages Write right for items. item:write AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Read right for items. item:read AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root Read right for items. item:read AllowAccess Entity
/sitecore/layout/Layouts/System/Email Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/layout/Layouts/System/Email Create right for items. item:create AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Read right for items. item:read AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Write right for items. item:write AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/layout/Layouts/System/Email Create right for items. item:create AllowAccess Entity
/sitecore/layout/Layouts/System/Email Read right for items. item:read AllowAccess Entity
/sitecore/layout/Layouts/System/Email Write right for items. item:write AllowAccess Entity

 

sitecore\EXM Advanced Users

For Email Experience Manager 3.5 and higher. Gives the user full access to all the functionality in the Email Experience Manager. This role is a member of the List Manager Editors role. Members of this role can:
- Delete a message.
- Change the default settings.
- Open or edit the engagement plan.
- Change the recipient lists of a subscription message.
- Save a message as a subscription message template.
- Change the target device.

Item Rights set on account sitecore\EXM Advanced Users on core Database

/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Read right for items. item:read AllowAccess Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Read right for items. item:read AllowAccess Descendants
/sitecore/content/Documents and settings/All users/Start menu/Programs/Email Campaign Wildcard right. For internal use only. * AllowInheritance Descendants

Item Rights set on account sitecore\EXM Advanced Users on master Database

/sitecore/templates/Branches/System/Email/Manager Root/$name Delete right for items. item:delete AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Admin right for items. item:admin AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Create right for items. item:create AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Rename right for items. item:rename AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Write right for items. item:write AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root/$name Delete right for items. item:delete AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Admin right for items. item:admin AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Create right for items. item:create AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Rename right for items. item:rename AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Read right for items. item:read AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root/$name Write right for items. item:write AllowAccess Entity
/sitecore/system/Settings/Email Read right for items. item:read AllowAccess Descendants
/sitecore/system/Settings/Email Write right for items. item:write AllowAccess Descendants
/sitecore/system/Settings/Email Read right for items. item:read AllowAccess Entity
/sitecore/system/Settings/Email Write right for items. item:write AllowAccess Entity
/sitecore/templates/Branches/System/Email/Manager Root Read right for items. item:read AllowAccess Descendants
/sitecore/templates/Branches/System/Email/Manager Root Read right for items. item:read AllowAccess Entity
/sitecore/layout/Layouts/System/Email Wildcard right. For internal use only. * AllowInheritance Descendants
/sitecore/layout/Layouts/System/Email Create right for items. item:create AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Read right for items. item:read AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Write right for items. item:write AllowAccess Descendants
/sitecore/layout/Layouts/System/Email Wildcard right. For internal use only. * AllowInheritance Entity
/sitecore/layout/Layouts/System/Email Create right for items. item:create AllowAccess Entity
/sitecore/layout/Layouts/System/Email Read right for items. item:read AllowAccess Entity
/sitecore/layout/Layouts/System/Email Write right for items. item:write AllowAccess Entity