In this content editors guide, you will learn about the different content editors roles and permissions that you can apply within Episerver CMS. This series of posts will teach a content editor everything they need in order to master the Episerver editor. If you work in a big team of content editors, it is a very bad idea to let every content editor be able to do everything within the CMS. Some people just aren't technically minded. It is not recommended to give less technical people the power to potentially take the whole website down. This is why it is important to understand how to optimally apply roles and permissions within your website. If this sounds good to you, read on 🔥🔥🔥

What roles do most organizations typically set up?

Episerver comes with five types of permissions out-of-the-box. On any new project, the company will need to decide who can access the CMS and which of these permissions they should be granted. A company's business processes and governance models will usually determine the exact roles and permissions that you give each individual or group of people. At the start of your project I recommend setting up a quick 10 minutes face-to-face conversation with the project sponsors, or, content team to agree on permissions. Some users may be in more than one role, one person may be all roles, or there may be a separate person for each role. Episerver will allow you to apply for the permissions you need how you need them 😊

How To Setup Roles and Permissions Within An Episerver Project

Setting permissions is done from within the Episerver Admin UI. On the Admin tab, in the 'Access Rights section, go to Administrative Groups:

Typical Roles and Permissions That Get Implemented In An Episerver Project 1

From this screen, you can add users and groups and assign them permissions. Below details these permissions:

Everyone: The everyone role is used to allow anonymous visitors permission to view your web pages. On every Episerver project, the everyone role must have read access to all content that you want to be publicly available.

Administrators: Every project will need one or more admins. It is good practice to have more than one 'Administratorsaccount. Years ago, I had to do an onsite visit and the only admin for their website was ill that day. We needed to make some fundamental changes and the only way to access the system was to hack the database. If the admin user person leaves, is ill or is on holiday then certain tasks within the editor will not be possible. This is why I recommend having at least two admin accounts. Ideally, IT support is one of them in case of emergencies! Out-of-the-box, Episerver comes with a default 'Administrators' group that has access to do everything within the editor and the admin UI. Administrator users are 'power users'. Usually, Admin users should be developers and the trusted content team. The admin role is a member ofRead,Create,Change,Delete,Publish, andAdministrator`.

As for the normal mortal, they will usually fall into one of the typical role buckets listed below:

Web Editors: These users will only be able to create content and not delete it, or, publish it. This account is a member of Read, Create, and Change. Give this role to marketing, or, content editors who will only create content

Web Admins: Web Admins are trusted content editors, these people oversee the website's content delivery. Web Admins can create, delete and publish items. It's up to them to proofread and approve content changes. This account is a member of Read, Create, Change, Delete, and Publish.

Content Publisher: Typically, the Content Publishers are the marketing team managers that will make final decisions to approve the content. These are the people who can publish content on the website but do not write the content themselves. This account is a member of Read and Publish

Marketing Analyst: Typically, the Marketing Analysts are the analytics guys who will be working with stats. They will want to view reports. These are the guys who are analyzing the effectiveness of the marketing efforts and possibly putting together reports for higher-ups. Due to the limited nature of the Episerver admin permissions, these users will normally need full permissions. If you have created custom admin pages, they will need full access. This account is a member of Read, Create, Change, Delete, and Publish


These are the permissions you have to play with within Episerver CMS. You have a good amount of control. Happy Coding 🤘