Access Rights in Websites and Stores: Overview of Methods
If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.
In Bitrix24, access to websites and stores can be managed using both extended and role-based access models. These methods allow you to check which model is currently enabled, switch between them if necessary, and configure access permissions as needed.
If you need to set access rights specifically for a particular website, the extended model is suitable. In this model, access is defined at the website level. For example, you can allow a group of employees to edit one website while restricting others to view-only access.
If you need to grant the same rights to multiple users or a department, the role-based model is appropriate. In this case, you first retrieve a list of roles, assign a role to employees, and then configure the role's access rights for the websites. For instance, you can create a role called "Editor," assign it to a department, and allow them to modify the company's websites.
The settings for the extended and role-based models are stored separately. When switching between them, previously assigned rights are not deleted. When the model is re-enabled, its settings take effect again.
Warning
Access rights are set for the website and apply to all its pages. In the cloud version of Bitrix24, this setting is only available on paid plans. If you switch to a free plan, the access rights configuration will be automatically disabled, and all previously restricted objects will become accessible to all users.
Quick Navigation: All Methods
User Documentation: Access Rights for Websites and Stores
How to Configure the Access Rights Model
- Check which access rights model is currently enabled using the landing.role.isEnabled method.
- If necessary, switch the model using the landing.role.enable method.
- Retrieve the website ID using landing.site.getList.
- For the extended model, configure the website's access rights in the Extended Model section.
- For the role-based model, obtain the list of roles, assign access codes, and save the rights in the Role-Based Model section.
- Verify the result: for the extended model, call landing.site.getRights; for the role-based model, call landing.role.getRights.
Relationship with Other Objects
Websites. Access rights are configured for websites, so a siteId is required. This can be obtained using the landing.site.getList and landing.site.add methods.
Pages. The access rights for the website apply to all its pages, so there is no need to configure access separately for pages.
Access Codes and Roles. In the role-based model, access is not assigned directly to users but through roles and access codes. This is done using the landing.role.setAccessCodes and landing.role.setRights methods.
Overview of Methods
Scope:
landingWho can execute the methods: depends on the method
Switching the Access Rights Model
|
Method |
Description |
|
Enables or disables the role-based access model |
|
|
Checks if the role-based access model is enabled |
Extended Model
|
Method |
Description |
|
Retrieves the current user's rights for the website |
|
|
Sets access rights for the website |
Role-Based Model
|
Method |
Description |
|
Retrieves the list of roles for the current type of websites |
|
|
Returns the rights of the role by websites |
|
|
Sets access codes for the role |
|
|
Sets the rights of the role by websites |