Is there a way to grant an AD group (under roles) backend access, but still limit the pieces they can use? (ie. Content menu is accessible, but eCommerce is not)
You can assign blanket permissions to roles by visiting administration > permissions. Your AD roles should be represented. LdapUsers, or whichever roles you have established, needs to have backend access checked on them. To enable the role provider go to Security > Roles Providers, select the “LdapRoles” provider and check the “Enabled” check box and save your settings. You can then assign the new roles in the aforementioned permissions section to allow/deny them the ability to view, edit, change permissions on the individual modules.
Once you have accepted the LDAP groups as roles, restart your APP pool, make sure that your groups are being pulled, then you can visit Administration > Permissions and set global permissions. You can go into the Roles Administration > Users > Roles and change each role to have "Access the backend".
I hope this helps.
Thank you for contacting us.
When your users log in through the backend /Sitefinity are they shown any errors? Do you see anything pop up in the ~/App_Data/Sitefinity/Logs? Also, are they selecting LDAP as their provider and not logging in with a similar account through the default or SQL membership providers?
var userManager = UserManager.GetManager(
var users = userManager.GetUsers().ToList();
RoleManager roleManager = RoleManager.GetManager(
var role = roleManager.GetRole(