Getting a list of the Default User Groups using the Tridion Core Service

As you (probably) already know, Tridion comes out of the box with a number of Default User Groups:

  • Author
  • Editor
  • Chief Editor
  • Publication Manager
  • Etc.

When a new Publication is created in Tridion predefined Rights are automatically granted to these Groups on the Publication.

Screenshot of the Tridion CME interface showing the default groups with rights on a publication

Whilst this can be really useful when creating a large number of new Publications, and it's normally considered best practice for all new Groups to be a member of one (or more) of these Default Groups (with controlled Scope), sometimes it's undesirable.

I recently helped a client to clean up their Tridion Security Model and make their implementation consistent across the different branches in their BluePrint. Part of that task involved removing the Rights of these Default Groups from a large number of Publications (across the DTAP environments).

Given the scale of the task, I opted to do this using a Tridion Core Service script, rather than manually through the Content Management Explorer (CME) interface ⟵ which would've been a definite ‘headphones on’ job!

Initially, I tried to get the list of Default Groups by setting the IsPredefined property to true on the GroupsFilterData object:

var groups = Client.GetSystemWideList(new GroupsFilterData() {IsPredefined = true, BaseColumns = ListBaseColumns.IdAndTitle});

However, it seems that this only returns the 'Administrators' and 'Everyone' Groups, and not the Default Groups (Author, Editor, etc.), as anticipated.

Dump of user groups returned by the core service when ispredefined is true

After a little digging, I discovered that the way to identify the Default Groups is through the GroupData.DefaultGroupId property. The non-Default Groups (I.e. The client-specific ones) all have a value of 0 for property, whereas the Default Groups all have an defaultGroupId greater than 0.

Here's the code snippet that I used to get the list of Default Groups (simplified sligtly for readability):

List<string> GetListOfDefaultGroupIds()
	List<string> groupIdsList = new List<string>();
	var groups = Client.GetSystemWideList(new GroupsFilterData() { BaseColumns = ListBaseColumns.Extended });
	foreach (GroupData group in groups)
		if (group.DefaultGroupId > 0){
		Console.WriteLine($"The group.DefaultGroupId is '{group.DefaultGroupId}' for group '{group.Title} ({group.Id})");
	return groupIdsList;

Hopefully this may help someone else out there!

If you have any questions regarding this, or would like to discuss your Tridion Security implementation then please contact me directly at