Settings - Security & Membership

You can access these settings in the Settings application under the Security & Membership category.


Administrator’s email

Specifies the administrator’s email address. It is used in locations and features where the administrator’s email address cannot be specified in the corresponding part of the administration interface.

Send membership reminder (days)

Determines when the system should send email notifications about Memberships that will soon expire. The value sets how many days before the expiration date reminders should be mailed out.

These emails are only sent for memberships that were assigned with the Send notification flag enabled and for those that were purchased as a product with a limited duration.

Memberships are checked periodically using the Membership reminder scheduled task. The content of the notifications is based on the Membership - Expiration notification email template.

Share user accounts on all sites

If enabled, user accounts created on one site will be shared among all the sites running on the installation. If disabled, new accounts will be assigned only to the current site and not the others.


Registration requires administrator’s approval

Indicates if an administrator’s approval is needed for a user to get registered. Changing this setting requires a restart of the live site to take effect.

Delete non-activated user after (days)

When users register but do not activate their account, their account will be deleted after the entered number of days.

Require unique user emails

If enabled, users cannot enter an email address during registration if the address is already used by another user’s account.


Check page-level permissions

You can assign permissions (access rights) for each page in the content tree. This setting indicates if the website checks the permissions of pages and apply them when browsing the live site. You can configure the permissions of pages in the Pages application on the Properties -> Security tab.

The following values are possible:

  • All pages – Access rights are checked for all pages on the website.
  • Secured areas – Access rights are checked for pages that are configured to require authentication (i.e. with the Requires authentication property set to Yes on the Properties -> Security tab).
  • No pages – Access rights are not checked at all. All users can see all pages on your website (but you can still require users to authenticate by configuring the Requires authentication setting).


Automatically sign-in user when site changes

If enabled, users will not need to enter their username and password when they switch between edited sites in the administration interface (using the Site drop-down list).

Enable code editing for site administrators

Indicates whether users with the Administrator privilege level are automatically allowed to edit code on the website. If disabled, administrators can still edit code if they have the appropriate permissions assigned: Edit SQL code for the Design module or Edit SQL Queries for the Reporting module.

The restriction applies SQL queries, e.g. for objects in the Reporting module.

See Special security permissions.

UI personalization

Enable UI personalization

Indicates if UI personalization is enabled. If this is the case, users only see those parts of the UI that are allowed for the UI profile assigned to their roles. If disabled, the entire UI is visible for all users.


Default report connection string

Sets the database connection string that the system assigns to newly created reports. Existing reports also inherit the connection string value from this setting by default.

Only users who have the Set connection string permission for the Reporting module can change the connection strings of individual reports.

The system loads the list of connection strings from the <connectionStrings> section of the application’s web.config file. The (default) option represents the CMSConnectionString added by the application’s initial database installer.

You can use reporting connection strings for the following scenarios:

  • Retrieving data from a Separated on-line marketing database
  • Restricting the database-level permissions of reporting queries via a connection string with a limited database user