Reputation: 8151
Sitecore role security
I have a Sitecore 6 site with an Extranet. An example Structure;
- Extranet
- Page 1
- Page 2
- Page 3
- Page 4
On the top-level "Extranet" page i have danied access for extranet\anonymous and given read rights to extranet\role1, extranet\role2, extranet\role3 and extranet\role4.
On the subpages there are different access rights depended on roles. Ie page1 can be accessed by extranet\role1 and extranet\role2 only and page 2 can only be accessed by extranet\role1. I have done this by giving read rights to page 1 and page 2 to extranet\role1 and denying read rights on page 2 to extranet\role2.
But when i have a user that is both in extranet\role1 and extranet\role2 it seems like the deny read rights of extranet\role2 is overwriting the read rights of extranet\role1, meaning the user does not have access page 2 in the above example.
What am i missing to get this to work?
Upvotes: 0
Views: 105
Answers (1)
Reputation: 8151
I figured out that you really shouldent use the deny read rights. If you dot his, this will overrule eveyrthing else. Instead you should use the Inheritance option. See How to secure an entire branch in a Sitecore content tree?
Upvotes: 2
Related Questions
- Asp Net MVC Role Security
- Sitecore security - combining roles
- asp.net membership sitecore
- Asp.net membership permissions and roles
- ASP.NET Security Roles AND Permissions
- Sitecore privileges on users with multiple roles
- Sitecore restrict access to areas of a site based on (external) user's role
- Role based authorization
- ASP.NET - Membership and roles
- Sitecore role hierarchy