Setting up Tridion User Rights Correctly

The first item in my Tridion Developer Summit talk (entitled 'Five things you can do today to help your Tridion editors') was 'Set up Tridion rights correctly'.

This blog post is going to go into more detail on how to set up Tridion user rights correctly and some of the symptoms suffered if this is not done properly.

The Problem

Tridion's greatest asset - BluePrinting - can also be one of its biggest weaknesses, if it's not implemented correctly.

Having the content separate from the website structure (in different publications) is superb for allowing the re-use of content across multiple sites or platforms. However, if the Tridion security rights are not set up correctly, then it’s very easy for Tridion editors to accidentally create their content (components) in the website publication.

Right click with component and folder options

The Solution

As outlined in the online documentation, Tridion rights define what actions a specific user or user group can perform within a publication.

By default, any new publication created has the following rights defined for the editor and chief editor groups:

Default Tridion user rights

To prevent editors from accidentally creating content in the website publication, these user rights can be updated, so that your editors (including those in any additional user groups that you may have created) do not have Folder Management or Component Management rights.

The screenshot below shows the Folder Management and Component Management rights having been removed for users in the Editor group in the website publication.

Tridion rights no folder or component management highlighted

This will result in editors not even having the option to create new components or folders in the website publication, as shown in the screenshot below.

Right click without component and folder options

A Word of Caution

Although this approach will prevent your authors and editors from creating content at the wrong level in the BluePrint, it cannot stop Tridion administrators from doing the same! If this is a big problem, then you could resolve it using a GUI extension (to remove the new component / folder menu item in the website publications) or using the Events System.

A Wrap Up

The things that I covered were basics, and certainly not new, but hopefully my TDS talk prompted some people to look again at the fundamentals of their Tridion implementation to ensure that they were following best practice.

Please feel free to comment below or to contact me directly if you have any questions regarding this post.

I will be looking at some of the other items that I covered in my talk in subsequent blog posts.