Assign Access to Multiple Sites in Sitecore 7.5

Question

I have a small question related to granting access to multiple sites in Sitecore 7.5.

Let's say I have a website named as website_1 and another website named as website_2 in my Sitecore environment. Now I have created two roles. One role named as r_website_1 gives access to website_1 and another role r_website_2 gives access to website_2.

In r_website_1, only access to website_1 is granted and access to website_2 is denied. The same goes for r_website_2 but for website_2.

Now I want to give read and write access to user_1 for both websites. What I did was went to User Manager>user_1>Edit>Member Of and then assigned both roles.

What I noticed that the user_1 only gets access to one website. it seems that both roles are countering each another. For example, the denied permission for website_2 in r_website_1 is conflicting with allowed permission for website_2 in r_website_2.

May I know what's the fix for this problem?

Thanks in advance,

Vaibhav

Answer 1

Deny permission always has priority. You cannot remove by simply adding another role with allow access rights.

Instead of using deny you should break the inheritance of chosen access right for the role1 for site2 and similarly for the role2 for site1.

Here is a quote from Sitecore Administrator Security Cookbook:

We recommend that you use inheritance whenever possible to limit the access that roles have to the items in Sitecore. Using inheritance instead of directly denying access rights to items makes it easier to manage the security system.

And you can read about breaking inheritance of access rights in Assign access rights to a security account document.