Sitecore Custom role permissions for experience editor - sitecore

We need to add a custom role which should have edit permissions on the page but should be able to add components\create new content. The user shouldn't be able to publish content or add new pages. He can edit page and add\create relevant components\content on the page. Currently, we've added below roles to the custom role and denied 'create' permission to the role on the entire content tree except for relevant page templates and placeholder settings.
Sitecore Designer
Sitecore client authoring
But while adding content in Experience Editor, the user is getting a 'you don't have access to add content' error. What should be the exact set of permissions to be able to add content to pages but not create pages?

By default, items are denied access and you need to grant the specific access on the items in question. To be able to edit an item, a user will need the Write permission.
Resources:
The different Access Rights explained
Assigning Access Rights

Related

How can I override Sitecore's Media Handler to force user to redirect to login page if user is not authenticated

I need a way to prevent access to files in media items if a user is not authenticated.
If a user is not authenticated, he/she should be forced to redirect to the login page. If a user is authenticated, then we should let the user access the media item file, i.e. we should hand over the request to Sitecore.
Also help me on changing the configuration settings to override the existing MediaRequestHandler.
I would suggest using the OOTB Sitecore Security feature to grant or deny access to any item including media files.
This way you can restrict access to the specific assets only, not to ALL media files as in case with a bespoke media handler overriding the standard one, and you will not create any technical dependency on your custom code going forward. The latter is seen to be critical from the future website maintenance and Sitecore upgrade perspective.
To begin with, create a secure folder in the Media Library where you will be uploading the protected files and remove the READ permission from the anonymous user (typically it is extranet\anonymous). The full list of access rights can be found here. Expect all child assets to inherit the access permission from the parent folder. Now if you upload an asset into the restricted folder and try to request it in the frontend, you will get the "Access denied" message which is correct.
Next step is to create a new user role that will be allowed to view the restricted media files or use your existing one for the logged in users, assign the READ rights to this role, then assign this role to the media folder and items you want to be accessible behind the login only.
Depending on your user experience on the website you can check whether the current context user can read a certain media item or not by calling item.Access.CanRead() method and then show or not a download/preview link for it or redirect to the login form.
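The check described in the answer above, as an added example that is not part of the original answer. The class, enum and method names are hypothetical; the Sitecore calls used are `SecurityDisabler`, `Context.Database.GetItem`, `item.Access.CanRead()` and `Context.User.IsAuthenticated`. It handles the case where `GetItem` returns null because the context user cannot read the item, which would otherwise make `item.Access.CanRead()` throw.

```csharp
using Sitecore.Data.Items;
using Sitecore.SecurityModel;

// Hypothetical helper (not Sitecore's own code): decides what the page should
// do for a link to a media item stored in the restricted Media Library folder.
public static class ProtectedMediaLinks
{
    public enum LinkDecision { ShowDownloadLink, RedirectToLogin, Hide }

    public static LinkDecision Decide(string mediaItemPath)
    {
        Item mediaItem;

        // With security enabled, GetItem returns null for an item the context
        // user has no READ right on. Load it with security disabled only to
        // tell "item does not exist" apart from "item is not readable".
        using (new SecurityDisabler())
        {
            mediaItem = Sitecore.Context.Database.GetItem(mediaItemPath);
        }

        if (mediaItem == null)
        {
            return LinkDecision.Hide; // no such item: render nothing
        }

        // Evaluate the access right outside the SecurityDisabler block so the
        // check runs against the context user's real permissions.
        if (mediaItem.Access.CanRead())
        {
            return LinkDecision.ShowDownloadLink;
        }

        // Not readable: anonymous visitors go to the login form; a logged-in
        // user without the role that holds READ simply does not get the link.
        return Sitecore.Context.User.IsAuthenticated
            ? LinkDecision.Hide
            : LinkDecision.RedirectToLogin;
    }
}
```

The item loaded under `SecurityDisabler` must only be used for the decision; never render its fields or URL to the visitor unless `CanRead()` returned true.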

System folder not visible

I have role named "GCP US Alias and Redirect" and I have given full access permission for "/sitecore/system/Aliases" and its descendants as in screen shot below.
Now I have assigned the "GCP US Alias and Redirect" role to a user. When I log in to Sitecore as the "GCP US Alias and Redirect" user, I don't see the "/sitecore/system" folder. I can just see the "/sitecore/content" folder, as in the screen shot below.
I can see System folder when searched it by GUID as shown in below screen shot.
What do I do to make it visible at initial place when I open content editor?
Switch to the View tab and select Hidden items and Entire tree checkboxes. They are unchecked by default for non-admin users.
If you don't see the View tab, make sure that either your role has Read access to it (/sitecore/content/Applications/Content Editor/Ribbons/Ribbons/Default/View and /sitecore/content/Applications/Content Editor/Ribbons/Chunks/View in core database) or that your role inherits from e.g. sitecore\Sitecore Client Designing role (check if that role doesn't have too much access rights for your custom role first).

How do I enable editing features in Sitecore page editor?

I'm using Sitecore 7.2 and trying to allow a user to set things like datasources and some custom parameters on sublayouts in page editor mode. The user is a member of sitecore\Designer and sitecore\Author, but when that user tries to edit the component properties, the fields appear grayed out/disabled.
I am able to enable these options by setting a user as an admin, but don't want to grant quite that much power to this particular user.
Here is how I tried it, and it works on Sitecore 7.2:
Create a new user called cbarnes (and in your case if there are other content editors)
Create a new Role - call it say SP Content Editor Authoring
Make that role a member of sitecore\Author and sitecore\Designer. This way it inherits everything from those two roles.
Make the user cbarnes one of the members of that role.
Lastly go to the security editor and give Write permission on the item after selecting the SP Content Editor Authoring Role under Roles and Users section.
Log in as the cbarnes user and check if it works!
Let us know if this works for you. Happy Sitecoring!
I actually ran into this same issue today on a 7.2 project. While my user had both the sitecore\Designer and sitecore\Author roles as a part of a client-specific author role I created, they were not able to edit rendering parameters.
By default, users in these roles have read-only access to the Sitecore\Templates folder. Within this folder I had an additional folder named "Rendering Parameters" where I stored all my rendering parameters templates. I added Write access to the client-specific role for my "Rendering Parameters" template folder and users in that role can now edit and save rendering parameters without elevated permissions.
Use the "Access Viewer" tool from the Sitecore start menu to determine why your user does not have the required rights.
By default, both roles sitecore\Designer and sitecore\Author have field read and field write access to Layout template section fields. But it seems that the roles have only read access to the item that you are trying to edit. You can add write access to that item.
For more details, look at the Security Administrator's Cookbook

User does not have access to Content Editor in sitecore

User has only Page Editor access. I tried adding different roles to the user but it still does not work. The only way to give the user access to Content Editor is to set him up as admin, and I do not really want to give admin rights to the user.
You probably need to assign the standard role Sitecore\Author to your account. See the Sitecore security reference for more details.
Add the below roles manually for the user whom you want to be a content author.
Sitecore\Developer
Sitecore\Sitecore Client Publishing
Sitecore\Designer
Sitecore\Author
Sitecore\Sitecore Client Users
For more information please refer to this post - roles required for a content author

give a role access to specific folder in Sitecore 6.5

I have a user who's been assigned the sitecore/Analytics Reporting role (member of Sitecore Client Users), and when I log in with that user I can see Marketing Center, Engagement Analytics and Executive Dashboard. I now want to give this user read access to a content item, but I can't make it work.
First of all, the sitecore/Analytics Reporting role already has read access to the content editor etc (inherited from the Everyone role), so why can't I see it? I created another role with explicit read access to the content item and assigned it to the same user, but I still can't see it. Does anyone know what I need to do for the user to see the content item?
I have seen this a few times before with older Sitecore versions. Doing a Sitecore cache clear or IIS reset resolved it at that time.
After checking with Sitecore support they told me you have to add Sitecore Client Designer to your role (even though the Access Viewer shows you have read access you still won't be able to see it until you've added this role).