WebAdmins can see, edit and create Visitor groups but they can't delete them?

Vote:
 

Hello, 

our customer failed to delete his Visitor group. When he tried it a login popup apppeared. I can delete them without problem(in Admin group).

He said that he probably never tried it before, so maybe it was always so, is this by design? What i had to do if i wanted to support deleting visitor groups for WebAdmins?

These are the configured role providers:

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
	<providers>
		<clear />
		<add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer.Framework.AspNet" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WindowsMembershipProvider" />
		<add name="WindowsRoleProvider" applicationName="/" type="EPiServer.Security.WindowsRoleProvider, EPiServer.Cms.AspNet" />
		<add name="SqlServerRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="******" applicationName="/" />
	</providers>
</roleManager>

These are the virtual roles:

<virtualRoles addClaims="true">
	<providers>
		<add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
		<add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
		<add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
		<add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
		<add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
		<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
		<add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
		<add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
	</providers>
</virtualRoles>

Someone can shed some light on it on how it works and what i have to change to support deleting Visitor groups for WebAdmins?

#252604
Edited, Apr 07, 2021 8:57
Vote:
 

Hi, there is a virtual role called VisitorGroupAdmins you can configure. I believe you need to be a member of this role to able to delete Visitor Groups. You are probably member of this role since it's mapped agains CmsAdmins by default.

#252706
Edited, Apr 08, 2021 10:17
Tim Schmelter - Apr 08, 2021 11:01
Thanks. But you see in my configuration above that WebAdmins are already part of CmsAdmins which you say that VisitorGroupAdmins is mapped against. Or did i misunderstand it?
Vote:
 

Ok, you can't post code in comments.

I'm not sure on that part. But you can easily test this by just adding the role:

<add name="VisitorGroupAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins" mode="Any" />
#252710
Apr 08, 2021 11:05
Tim Schmelter - Apr 19, 2021 15:08
I've tried that but unfortuanately it didn't work. You see still the login dialog if you try to delete a visitor-group. I have just added that provider in the web.config as you have shown.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.