Sitecore CMP security

Security in Sitecore Content Marketing Platform (CMP)™ is defined by out-of-the-box user groups and by reuse of the powerful core permissions framework. Security is enforced through Access Control Lists for users, which define READ or WRITE permissions for the content within CMP.


To view a content item, you need the Read permission for both the M.ContentVersion and the M.Content entity definitions.

The roles of the user groups are enforced through the Sitecore CMP state flows (Sitecore CMP flow and ideation flow respectively).


For further information on the Sitecore CMP flow, please see CMP Flow.

The ideation flow allows any user with CREATE permissions to create a draft idea and submit it for approval.

This idea is then approved for creation by the M.Builtin.ContentAdministrators role, which is the pre-defined user group for users requiring content administration permission. M.Builtin.Editors create the content before it is reviewed, annotated, and ultimately approved or rejected by M.Builtin.Approvers. M.Builtin.ContentAdministrators then take control of the content and take responsibility for publishing it.

User groups used in Sitecore CMP

| User Group | Purpose |
| --- | --- |
| M.Builtin.ContentAdministrators | Overall content management, as well as approving and rejecting content for creation. |
| M.Builtin.Editors | Creating and editing content. |
| M.Builtin.Approvers | Reviewing of content: annotating, approving, and rejecting content. |
| M.Builtin.CMP.Everyone | Provides READ permissions to Sitecore CMP entities created by the current user. However, in some conditions, M.Builtin.CMP.Everyone has the permissions to create, update, and delete M.Content and M.Asset. |
| M.Builtin.SM.Everyone | Assigns READ permissions to the states, which together build the ideation and the Sitecore CMP flows respectively. |
| M.Builtin.Readers | Provides READ permissions, READ annotations permissions, and Download preview permissions. |

Custom user groups can be created by superusers, as mentioned in the security overview section.
