Create a Backend User and User Group that Restricts Page and Editing Access
You can create Backend users or modify existing Backend users so that they can edit only specific sections or specific pages on your website. This is the recommended approach for people who update your website and don't need to perform administrative functions. It improves security, simplifies the Backend interface, and reduces the chance of accidental errors. To do this, you can assign a user to an existing Backend User Group (such as BasicAdmin) or you can create a new group that defines the unique access requirements for one or more users. Below are the steps for setting up a Backend user group with the privileges needed to update content on a specific set of pages.
Create a New Backend User Group
- Use the List module and select the Root page.
- Scroll down to the Backend Usergroup table and click on the New Record icon.
- On the "Backend usergroup" form, under "Grouptitle" enter a name for the new group.
- Click on the Access List tab and enable the Include Access Lists option.
Configure Access to Modules, Tables, Page Types, and Fields
- Under "Modules," hold down the control key and click on "Web" and "Web>Page" and "Web>View" to select them. These are the left-side menu options the user will see and are needed for editing page content. Notice that you could select others if you would like.
- Scroll down to the "Tables (listing)" field. This is a list of the database tables where the different kinds of database records are stored. Selecting more gives the user access to see more data within the website's database. Note: These selections are only for enabling a user to view records in tables, not to edit them. For simple pages and content on pages, hold down the control key and click on "Page" and "Pagecontent."
- Scroll down to "Tables (modify)" and choose the same items to allow the user to modify pages and page content.
- Scroll down to "Page types." Select the different types of pages that you would like to allow your user to create.
- Scroll down to "Allowed excludefields." Notice the table names are at the left followed by each of the field names within the table. These are fields in the tables that show up on the user's entry forms. This feature is powerful because it allows you to remove fields that users either should not change or that are unused and would just clutter the entry forms. In most cases, selecting all the fields for each table selected above is easiest and safest. However, you may want to experiment to see the results of removing different fields. Select all the fields for the "Page" table and the "Page content" table. Select the top item, scroll down, and hold shift down while selecting the last item.
- You should save your work frequently.
Configure Access to Page Content Types and Plugins
- Scroll down to "Explicitly allow/deny field values." Above, the page content table was selected. However, there are many types of page content that a user can add and edit. These checkboxes allow you to limit which types of page content a user is allowed to work with. The top items tend to be the simple page content elements. The ones below are more advanced. Selecting deny also simplifies the user's list of options when they go to add a content element to a page. For a typical user entering basic content, the first eight options are often useful.
- Scroll down to "Pagecontent: Plugin." There is one page content element above called "Insert plugin." If you do not deny access to "Insert plugin" above, then these fields are used to select which plugins a user can insert onto a page. In addition, these fields can prevent a user from modifying the settings for a plugin that is already added to a page. Since "[Deny] Insert plugin" is checked above, these fields can be left unchecked. The result is that the user cannot add a new plugin, but they could modify a current plugin if needed.
Configure Page Tree DB Mounts and File Mounts
- Click on the Mounts and Workspaces tab.
- Mounts restrict which pages and folders are viewable in the page tree. Click on the folder icon to the right of the DB mounts field to add a new DB mount.
- Choose the portion of the page tree the user will be able to view.
- If you have restricted page access for the usergroup, you will need to select the system folder(s) (Storage Folder, Site Config Folder, etc.) that the user will have access to. Select them in the same manner as above.
- Next, scroll down to the File mounts field. Your selections here will determine the file folders the user group will have access to.
- You should deselect all of the fileoperation permissions in order to assign them on an individual user basis later.
- When you've completed this section, you can save and close the form.
Create a Backend User
- While you are on the root page, it is a logical step to create a Backend user who will be assigned to this group.
- In the Backend user section, click on the New Record icon.
- Fill in the Username and the Password field and in the Group section, select the Usergroup from the Items list.
- Click on the Mounts and Workspaces tab. Disable the Edit Draft option.
- Scroll to the bottom of the tab and give your user Fileoperation permissions as desired.
- Save and close your work.
Configure Page Access
- Now click on the Access module at the top left.
- Select Permissions from the form's dropdown menu.
- In the Depth field, select 10 levels in order to display the whole website in the Access form.
- In the Access form, you will see a page tree with an edit icon to the right of each page. Click on the pencil icon to edit the access permissions for a page that you want to give your group access to.
- Click the Add ACL (Access Control List) icon. In the dropdown list, select Group and then in the second dropdown list select the user group that you've just created.
- Notice that for this group, you can set whether the user can show the page, edit content on the page, edit the page information itself (like the page title), delete a page, or add a new page. If you would like, these options can be controlled for each page individually. However, by checking "Recursive," these options will be applied to all the pages inside the page you selected. Choose the checkboxes that apply. If you are unsure, then check all the checkboxes in this row, and then click the "Save and Close" button at the bottom.
- Repeat the process for any additional pages, plus any sys folders, such as the General Storage Folder, Generated Content folder, etc. that you want your user group to have access to.
Review the Changes
- Go to the "User Admin" module. Click on the red "Switch User to" (Switchback mode) button next to the newly created Backend user. When you do, you will be logged in temporarily as that user.
- Explore the Backend using the Page and List modules, check the file access via the Filelist module and so on.
- If everything works as expected, then click on the "Exit" button located where the Logout button usually appears. This will log you out as the Backend user and log you back in as yourself.
- As you add additional users that have the same needs you can add them to this group without needing to create another group.
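The Switch User check above can be complemented by checking the stored group and user records against the steps in this guide. The following is an added example, not part of the original guide or of TYPO3 itself. It assumes records exported from the be_groups and be_users tables under the column names shown, and the module keys, the deny string, and the sample records are assumptions constructed for an installation set up as described here.

```python
# Added example, not TYPO3 code. Column names assume the be_groups/be_users
# schema; the records at the bottom are constructed samples.
EXPECTED_MODULES = {"web", "web_layout", "web_view"}  # Web, Web>Page, Web>View
PLUGIN_DENY = "tt_content:CType:list:DENY"            # "[Deny] Insert plugin"


def csv_set(value):
    """Split a comma-separated list column into a set of items."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}


def audit_group(group, users):
    """Return findings where a group record deviates from the steps above."""
    findings = []
    extra = csv_set(group["groupMods"]) - EXPECTED_MODULES
    if extra:
        findings.append("extra modules: " + ",".join(sorted(extra)))
    unlisted = csv_set(group["tables_modify"]) - csv_set(group["tables_select"])
    if unlisted:
        findings.append("modify without listing: " + ",".join(sorted(unlisted)))
    if not csv_set(group["db_mountpoints"]):
        findings.append("no DB mount set")
    if PLUGIN_DENY not in csv_set(group["explicit_allowdeny"]):
        findings.append("Insert plugin not denied")
    for user in users:
        # An admin flag on a member overrides every group restriction.
        if str(group["uid"]) in csv_set(user["usergroup"]) and user["admin"]:
            findings.append("admin member: " + user["username"])
    return findings


GOOD_GROUP = {"uid": 5, "groupMods": "web,web_layout,web_view",
              "tables_select": "pages,tt_content",
              "tables_modify": "pages,tt_content",
              "db_mountpoints": "12", "explicit_allowdeny": PLUGIN_DENY}
LOOSE_GROUP = {"uid": 6, "groupMods": "web,web_layout,web_view,web_list",
               "tables_select": "pages", "tables_modify": "pages,tt_content",
               "db_mountpoints": "", "explicit_allowdeny": ""}
USERS = [{"username": "editor1", "usergroup": "5", "admin": 0},
         {"username": "webmaster", "usergroup": "6", "admin": 1}]

if __name__ == "__main__":
    for g in (GOOD_GROUP, LOOSE_GROUP):
        print(g["uid"], audit_group(g, USERS) or "matches the procedure")
```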