Authorization is the process of granting or denying users access to resources on the basis of their permissions.
Sitefinity uses role providers for performing authorization.
Each role has specific permissions. However, one role distinction matters most in Sitefinity: permission to access the administrative part. It is based on the setting of the global permission CMSAccess (for more on permissions, see Permissions). When this permission is set to true for a role, all users that belong to this role have access rights for the admin part. When this permission is not set to true for a role, all users in the given role are denied access to the admin part. Thus, the first type of role may be regarded as an admin role, and the second as a public role.
This setting is new to Sitefinity. Up to version 3.1, the way to separate users into types such as users and administrators was to work with two membership providers, one for each type of user. When working with only one membership provider, all users would have access to the admin part. After version 3.1, even if there is just one membership provider, a distinction is made between public users and CMS users based on the roles they belong to. This way, authorization is applied to users who try to access the administration part of Sitefinity: users that do not belong to a role with CMSAccess set to true will not be granted access to the administration part.