Member Group Access Control for Backoffice Users

[Girish-kl33]

Umbraco provides strong permission controls for backoffice users through Content start nodes and Media start nodes, which work well for multi-tenant setups. These features allow us to scope user access to specific parts of the content tree and media library.

However, similar control is currently missing in the Members section.

In multi-tenant environments, where a single Umbraco instance manages multiple websites, this creates a gap in terms of access control and security. Backoffice users can be restricted to specific content and media, but not to specific Member Groups or members.

Real Scenario

Consider a client (e.g., XXX) managing multiple websites within a single Umbraco backoffice:

• Each website acts as a separate tenant with its own root node
• Each tenant has its own media folders
• Each website has its own member groups for frontend users

When configuring Backoffice Users for each website:

• We can restrict access using Content start nodes (tenant root)
• We can limit access using Media start nodes (tenant media folder)
• But in the Members section: There is no way to restrict users to only see or manage members belonging to their specific tenant
  All member groups are visible, which can lead to overlap and potential security concerns

Proposed Solution

• Introduce Member Group scoping for backoffice users, similar to how Content and Media start nodes work.

For example:

• Allow assigning one or more Member Groups to a backoffice user
• Restrict visibility and management of members based on those groups

This would:

• Ensure proper tenant isolation
• Improve security and governance
• Reduce the need for custom implementations
• Align the Members section with existing Umbraco permission patterns

[Girish-kl33]

This discussion was created as a follow-up to the conversation here:
#22242

I wanted to separate the Member Group / Members section use case from the broader language discussion, since it is a more specific and simpler multi-tenant requirement on its own.