"Looking in the tables, there are no Global Permission, Sec Permission, or Page Permission rows...... where should i See the "CMS Access" permission?"
In the sf_GlobalPermission table you have a record for each role. The global permissions depend on the number in the grant
columns. Here is a table of the global permissions:
The numbers are added in the grant and deny columns so if you have "grant" for ManageUsers and CMSAccess you'll have 17 for "grant" for that role.
When you create a role, by default this role has CMSAccess, so a row will appear in this table. When you use different provider for the existing roles, you have to log in with unrestricted rights and give permissions through the permissions sections in the administration.
If you need some more information about the other tables with permissions, or have other questions, please ask again.
Hello Niel,1. A user group created in Sitefinity that has CMS access set to deny and is attached to secure pages created, should not affect any login to the CMS. In other words, if I am logged in within the CMS as an Administrator and say I clicked on "view live site", and then enter the secure location as "securepageviewer" then the when i go back to the CMS (without logging out from the secure site), I should not be seeing that I am logged in as "securepageviewer" and not "Administrator". When the log in changes over, I get the error "Page forbidden". Deny CMS user should rightfully mean that the user create does not access the CMS in anyway and therfore the login to the live site and the CMS should be separate irrespective of the users using the same membership provider. (Please note that I am a single user i nthis scenario and I have an Administrator login and a login ("securepageviewer") to the secure live site
CMS users right now differ from public users only by the CMS access permission. You can separate them completely by customizing your login form. You can override the login functionality to create a different authentication cookie that stores information about the public user. This way you'll be recognized as a public user in the public part and as CMS user in the administration. We will consider using this technique for version 3.2 instead of using the CMS access permission.
About 2 and 3, you are right, these are Sitefinity problems, but unfortunately they have lower priority right now. We have added them in our ToDo list and will consider them for the next versions.
Thank you for clarifiying further what the problem is, hope this time I got your point.
the Telerik team