Sitecore domain administrator cannot log on

Question

I'm trying to achieve the following:

Have a role (Webmaster) and a user (Webmaster1) in that role. The user can log in to sitecore. The user can create other users, but only of specific roles (Editor & NewsEditor).

I'm trying to achive this with domains:

• Domain: Website (locally managed)

I put the roles in the domain:

• Website\Webmaster
• Website\Editor
• Website\NewsEditor

I create the Webmaster1 user:

Member of Sitecore Local Administrators.

If, upon creation, I assign the Webmaster1 user to the Website domain, he cannot log on. If I assign the Webmaster1 user to the Sitecor domain, he can log in, but he can also assign roles from the sitecore domain.

Am I trying to achieve the impossible? We have been advised to use this approach, but I can't seem to get it working.

Answer 1

I would recommend you start out by reading the Sitecore Administrators Cookbook and these common security concepts

EDIT: As Jammycam wrote, I was actually wrong. You can create users in different domains, and then add them to the Sitecore Client Authoring role. You could then create locally managed domains. In that way it might actually be possible. However the login screen will by default login to the sitecore domain, so you should prefix the username with the domain e.g. myLocalDomain\username. Then it should be possible I guess.