
Sitecore UserSwitcher vs SecurityDisabler

Tags: sitecore

I was wondering why Sitecore recommends using the UserSwitcher instead of the SecurityDisabler.

I'm ok with the fact that if you are adding items in Sitecore, for example, you have more control with the UserSwitcher (only give the right to add items in a specific folder).

Is it to prevent stupid code (I mean, oh let's delete all the children of /Sitecore/Context ^^)? Or maybe there is a security breach when you do that?

Thanks

JobiJoba asked Jan 30 '14 12:01


2 Answers

If you use the UserSwitcher(), everything you do is done in the context of a user. The user can be an Administrator and can do everything. Maybe you want to create a "service user" with only specific permissions or whatever, you can use this user to do what you want.

If you use the SecurityDisabler(), Sitecore will not do any permission checks at all. In fact, the result will be the same as if you use the UserSwitcher() with an administrator, but you have no control over the context.

Kevin Brechbühl answered Oct 01 '22 14:10


Partly it's to prevent 'incorrect' things happening, I'd say. You can't inadvertently do something you didn't want, because you don't have the access to it.

A side effect of this is that Sitecore will have the user provided in the UserSwitcher as name against the action, rather than 'Anonymous'.

Trayek answered Oct 01 '22 13:10
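An added example (not code from either answer or from Sitecore) that puts the two approaches discussed above side by side: item creation under a least-privilege service account versus the same operation with security checks switched off. The account name, content path, class name and template ID are assumptions or placeholders; the account is assumed to have been granted create rights only under the import folder.

```csharp
using System;
using Sitecore.Configuration;
using Sitecore.Data;
using Sitecore.Data.Items;
using Sitecore.Security.Accounts;
using Sitecore.SecurityModel;

public static class NewsImporter // hypothetical class, for illustration only
{
    // Assumed account: granted create/write rights under ImportRoot and nothing else.
    private const string ServiceUserName = @"sitecore\svc-news-import";
    // Assumed content folder the import is allowed to write to.
    private const string ImportRoot = "/sitecore/content/Home/News";
    // Placeholder ID: replace with the ID of the template you actually create from.
    private static readonly TemplateID ArticleTemplate =
        new TemplateID(new ID("{00000000-0000-0000-0000-000000000000}"));

    // Preferred: every call inside the using block is authorized as the service user.
    public static Item CreateArticle(string name)
    {
        Database master = Factory.GetDatabase("master");
        User serviceUser = User.FromName(ServiceUserName, false);

        using (new UserSwitcher(serviceUser))
        {
            // GetItem returns null when the item is missing or the user cannot read it.
            Item root = master.GetItem(ImportRoot);
            if (root == null || !root.Access.CanCreate())
            {
                throw new UnauthorizedAccessException(
                    ServiceUserName + " may not create items under " + ImportRoot);
            }
            // Per the second answer, the action is recorded against the service user.
            return root.Add(name, ArticleTemplate);
        }
    }

    // For contrast: no permission checks run at all inside this block, so a wrong
    // path or a bug here can touch any item in the database.
    public static Item CreateArticleUnchecked(string name)
    {
        using (new SecurityDisabler())
        {
            Item root = Factory.GetDatabase("master").GetItem(ImportRoot);
            return root == null ? null : root.Add(name, ArticleTemplate);
        }
    }
}
```

Keeping the `using` block as small as possible limits how much code runs under the switched identity, whichever class is used.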