Widget security works on two separate levels:
- Where can users create instances of the widget?
- Which users (roles) are allowed to work with the widget?
By default, new widgets are forbidden for all zone types and allowed only for authorized roles (without any roles selected). You need to explicitly allow your widgets for specific types of zones and users.
To edit the permissions of a widget:
- Open the Widgets application.
- Select the widget in the catalog tree.
- Switch to the Security tab.
You can allow widgets for the following locations:
- In group, editor or user zones - see Setting up widget zones on pages
- In dashboard zones - users can insert the widget as a component on widget dashboards
- As inline widget - users can insert the widget into editable text regions via the WYSIWYG editor
and one of the following types of users:
- Authenticated users - all logged in users (including on the live site)
- Global Admin only - only users with the Global administrator privilege level
- Authorized roles - only members of the roles selected in the section below (you can switch between the roles of specific Sites)
Note: The user permissions do NOT apply for group widget zones. Users who are administrators of groups can work with all widgets that are allowed for group widget zones (on pages owned by the given group). See also: Customizing group pages using widgets
The security settings only apply when:
- Adding new widget instances
- Configuring the properties of existing widget instances
The system does NOT automatically remove existing instances of widgets if you cancel the permissions for the given zone type or the user who added the widget.