Inheriting Sitecore Roles

up vote
1
down vote

favorite

I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.

Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.

I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.

enter image description here

asked Nov 20 at 6:20

Dheeraj p

17710

add a comment |

up vote
1
down vote

favorite

I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.

Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.

I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.

enter image description here

asked Nov 20 at 6:20

Dheeraj p

17710

add a comment |

up vote
1
down vote

favorite

I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.

Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.

I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.

enter image description here

asked Nov 20 at 6:20

Dheeraj p

17710

I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.

Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.

I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.

enter image description here

security role-management

asked Nov 20 at 6:20

Dheeraj p

17710

asked Nov 20 at 6:20

Dheeraj p

17710

asked Nov 20 at 6:20

Dheeraj p

17710

asked Nov 20 at 6:20

Dheeraj p

17710

asked Nov 20 at 6:20

Dheeraj p

17710

add a comment |

1 Answer
1

active

oldest

votes

up vote
5
down vote

accepted

Deny access right cannot be overwritten by any allow rule.

What you need to do is to:

remove that Deny read access for Editor role

make your Approver role a member of Editor role

disable inheritance of access rights for that item for your Editor role

and for your Approver role you need to assign Read and Write back

More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

add a comment |

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "664"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15030%2finheriting-sitecore-roles%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
5
down vote

accepted

Deny access right cannot be overwritten by any allow rule.

What you need to do is to:

remove that Deny read access for Editor role

make your Approver role a member of Editor role

disable inheritance of access rights for that item for your Editor role

and for your Approver role you need to assign Read and Write back

More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

add a comment |

up vote
5
down vote

accepted

Deny access right cannot be overwritten by any allow rule.

What you need to do is to:

remove that Deny read access for Editor role

make your Approver role a member of Editor role

disable inheritance of access rights for that item for your Editor role

and for your Approver role you need to assign Read and Write back

More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

add a comment |

up vote
5
down vote

accepted

Deny access right cannot be overwritten by any allow rule.

What you need to do is to:

remove that Deny read access for Editor role

make your Approver role a member of Editor role

disable inheritance of access rights for that item for your Editor role

and for your Approver role you need to assign Read and Write back

More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

Deny access right cannot be overwritten by any allow rule.

What you need to do is to:

remove that Deny read access for Editor role

make your Approver role a member of Editor role

disable inheritance of access rights for that item for your Editor role

and for your Approver role you need to assign Read and Write back

More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

edited Nov 20 at 6:53

answered Nov 20 at 6:37

Marek Musielak

9,25011034

answered Nov 20 at 6:37

Marek Musielak

9,25011034

answered Nov 20 at 6:37

Marek Musielak

9,25011034

add a comment |

draft saved

draft discarded

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Gfrktyl