How to manage Sitecore security access rights settings(configurations) on items?

StackOverflow https://stackoverflow.com/questions/14236352

  •  14-01-2022
  •  | 
  •  

Question

As documentation states security settings on items are kept as text definition on each items.

We have huge tree with a lot of items, I addition exist more than 30 roles. The challenge we face is how to manage the security settings on all items and promote them between environments (Dev, TEST, UAT, Prod). We are using TFS and TDS (team development for Sitecore) but as out-of-box system works all security configurations are part of the items.

Let say we want to change security access for particular Role on selected items. This means we have to make the changes in TDS project and redeploy these items to all environments. Is this the correct/recommended approach? Is there some other way ?

Update:

Particular case. We have operation site in production, where the administrator have changed the initial defined security configurations on item A (introduced new ones or change existing). Some other fields could also be changed. We are ready to deploy the new developed features in production. One of the new changes is item A - where have been introduced new access rights for some new Role N1. The result we want is to keep all configurations for item A from production and add in addition the new security access rights for Role N1. How can this be achieved? Redeploying the whole item A means losing the configuration from production.

Thanks.

Was it helpful?

Solution

You have to re-deploy the items, disregarding whether you use TDS or not. Security settings for items are stored with items in Sitecore architecturally, that's why if the security settings are changed for an item, this literally means the item has changed and should be re-deployed.

In order to minimize the amount of items you have to deploy each time you can:

  • leverage the "inherit" option as much as possible - as a result, only items with explicit 'allow' or 'deny' permissions are affected
  • assign security for roles, not for users - as a result, in order to apply permissions for a new user you simply include it into the appropriate roles
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top