I have a site set up with access rights for Administrators, WebAdmins, WebEditors and Everyone.
My goal was to have Administrators only set with all rights, WebAdmins with all rights aside from Administer, WebEditors with all rights aside from Publish and Administer and then Everyone with read access.
I removed Publish rights from WebEditors and logged in as a WebEditor user and it worked as I hoped - they could do all but publish.
I then removed Adminster from WebAdmins and logged in as a WebAdmin and see that nothing has changed - they can still adminster the site.
I then created a 'Publishing Editors' group with all access rights aside from Administer, add a user to the group but I can't log in at all with the user in that group.
Can anyone advise me on where I'm going wrong with this?
According to webhelp.episerver.com/latest/cms-admin/access-rights.htm, all users who are not members of the WebAdmins or Administrators group must be a member of the WebEditors group.
Thanks very much Bob, your advice worked and the access is working as I wanted. I was reading through the CMS documentation which doesn't mention this (http://webhelp.episerver.com/17-2/cms-admin/managing-users-groups.htm) and not the commerce doc.
BTW, copying and pasting your link into a browser window worked for me but a different url is given in your link to that displayed and I couldn't access that:
"You were looking for this page: http://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2017/12/manageing-users-and-groups/webhelp.episerver.com/latest/commerce/access-rights.htm
This content seems to be unavailable.
It may have been removed because it was outdated, or the link is incorrect."
Thanks for the feedback, Morag. I fixed that link.