When DotNetNuke installs a number of default Security Roles
are created on your behalf. These are intended to help with applying permissions e.g. Page
level permissions. The default roles are:
- Administrator: This role grants administrative (full) access to the website.
- Registered User: This is the group of users who have a username/password combination to log into the website. New users are automatically added to this security role.
- Subscribers: This is an automatic role that is added to all users. When a user registers they are automatically added to this role, but they also have the ability to remove themselves from the role. Most often this is used to allow communication to all the site users e.g. via the newsletter module.
- Unauthenticated Users: This is the (virtual) group of users who can access the website but are not logged in i.e. anonymous users.
- Unverified Users: This role has been introduced in DNN 6.2.0 for users, who have registered, but are waiting for approval from website admin.
- All Users: This is the (virtual) group of all users of the website, both anonymous and logged in.
Note: you cannot assign or unassign users to virtual roles "Unauthenticated Users" and "All Users". When a user gets authorized to access a website, he is usually assigned to the "Registered Users Role" - which gets removed, when the user is removed from the website.
In addition to these 5 roles, the host (superuser) account is a special user which has all permissions i.e. they are an administrator on all sites and have additional permissions not granted to Admins e.g. the ability to access Host menu items, upload modules etc.