
How to secure an entire branch in a Sitecore content tree?

I have a section of my content tree which I would like to deny ALL permissions to except for specific roles. This seems like a really obvious task to perform, and yet I don't see an example of it in the Security Administrator's Cookbook and I can't figure out an easy way to do it using the security tools. I must be missing something obvious... ???

Say I have this:

sitecore
-content
  -branchA
  -branchB

Everything I created in the content tree is readable by extranet\Anonymous by default. But even when I click on the "Require Login" on the security ribbon, all users still have read access, they just have to log in. I want to make branchB readable by ONLY sitecore\SomeRole members. How is this done?

Bryan asked Jun 18 '10 20:06


2 Answers

Ok, follow this guideline.

Let's say we have sitecore\SomeRole and a content tree like this:

Home
  branchA
    itemA1
  branchB
    itemB1

We'd like to deny access to branchB and all its descendants for everyone, except for SomeRole.

First off, in Security Editor select the Home node, choose the sitecore\Everyone role and set the following permissions:

[Image: http://img822.imageshack.us/img822/7172/sitecoreeveryonepermiss.png]

Now check the access in AccessViewer - that's what we need:

[Image: http://img532.imageshack.us/img532/3512/sitecoreeveryoneaccess.png]

Let's allow branchB for SomeRole. Go back to Security Editor and explicitly allow permissions for SomeRole:

[Image: http://img80.imageshack.us/img80/120/sitecoresomerolepermiss.png]

And check this in AccessViewer again:

[Image: http://img27.imageshack.us/img27/9584/sitecoresomeroleaccess.png]

Hope this answers your question. Beware that Sitecore versions prior to 6.2.X have an issue: AccessViewer doesn't refresh correctly after permissions are set. Kill aspnetwp (w3wp) to fix this.

Yan Sklyarenko answered Sep 20 '22 16:09


It sounds like your problem is that you're allowing the extranet\Anonymous user to have read access too far up in the tree. Remove the access grant at the top level (don't deny it, just remove it) and grant it wherever you really need it (like at branchA).

EliThompson answered Sep 22 '22 16:09