Improve user role permission settings
I think the current way Kentico is handling the permissions is not the way to go. I am very surprised that a Role is applied to the Kentico tree (pages) even if I don’t add the role in the tree. We have a large site with multiple editors. Some editors are only allowed to work in one part of the Kentico Tree. Now I have to create a lot of ‘denies’ and when there is a user that has more than one role (for example a website part and a intranet part) I need to create a new role for those tasks. This requires much more maintenance than needed and the more roles there are, and denies in the Kentico tree, the higher the risk for error.
In my opinion Roles should not be applied to the tree unless you add it. Then there is no need to add all the denies, this makes the setting and maintenance of permissions much easier, especially for large sites like ours.