I have user roles that work as follows: Admin is a role in Manager, which is a role in Logged in User. I want this to work this way so that if a user has an Admin role, then they will also have a Logged in User role. The reason for this is checks in the code. I don't really want to have to write something that incrementally checks each role to see if a user has access to something when I can just check if they are a Logged in User. Now I want to be able to apply security to Sitecore items. The problem I'm having is that denial of access overrides access if both exist for a user. I could separate the roles and do incremental checks (or even nest them in the opposite way), but I want to know if there's a way to switch denial of access overriding access to be the opposite. I.e. if a Manager has access to an item but a Logged in User does not, then a user who is a Manager will be able to see the item (while inheriting the Logged in User role), but a user who is just a Logged in User will not.
I assume you have the following role structure:
You should very rarely deny access, as you have found out, since denial always overrides access no matter where the inheritance comes from. Instead, you should break inheritance for the Logged In User role, and then give Read access to your Manager role. Your Admin role will gain read access through inheritance, since it is a member of the Manager role.
Since you may have content which should only be accessible to Logged In Users, you should break inheritance on the sitecore\Everyone role as well, and give read access to your Logged In Users role.
Logged In User Role:
Manager Role: is a member of Logged In User
Admin Role: is a member of Manager
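
The difference between denying access and breaking inheritance, as an added example that is not part of the original answer and is not Sitecore code: a simplified Python model of the behaviour described above. The item paths, the `allow`/`deny`/`break` rule labels and the resolution order are assumptions made for illustration.

```python
# Simplified model of the rule resolution described in the answer (an assumption,
# not Sitecore's implementation). Item paths and rule labels are constructed.
ROLE_PARENTS = {                      # role -> roles it is a member of
    "Admin": ["Manager"],
    "Manager": ["Logged In User"],
    "Logged In User": [],
}
ITEM_PARENT = {"/home": None, "/home/managers-only": "/home"}

def effective_roles(role):
    """The role, every role it is transitively a member of, and Everyone."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(ROLE_PARENTS.get(r, []))
    return seen | {"Everyone"}

def resolve(acl, item, account):
    """Walk up the tree until this account has a rule or its inheritance is broken."""
    while item is not None:
        rule = acl.get(item, {}).get(account)
        if rule in ("allow", "deny"):
            return rule
        if rule == "break":           # inheritance broken: ancestors are ignored
            return None
        item = ITEM_PARENT[item]
    return None

def can_read(acl, item, role):
    results = {resolve(acl, item, a) for a in effective_roles(role)}
    if "deny" in results:             # one deny beats any number of allows
        return False
    return "allow" in results

# The asker's setup: explicit deny on Logged In User, allow on Manager.
DENY_ACL = {
    "/home": {"Logged In User": "allow"},
    "/home/managers-only": {"Logged In User": "deny", "Manager": "allow"},
}
# The answer's setup: break inheritance for Logged In User instead of denying.
BREAK_ACL = {
    "/home": {"Logged In User": "allow"},
    "/home/managers-only": {"Logged In User": "break", "Manager": "allow"},
}

if __name__ == "__main__":
    for name, acl in (("deny", DENY_ACL), ("break", BREAK_ACL)):
        for role in ROLE_PARENTS:
            print(name, role, can_read(acl, "/home/managers-only", role))
```

With the deny rule every role is locked out of the item, because Manager and Admin carry Logged In User membership; with the inheritance break only the plain Logged In User loses access.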