I have a user who's been assigned the sitecore/Analytics Reporting role (member of Sitecore Client Users), and when I log in with that user I can see Marketing Center, Engagement Analytics and Executive Dashboard. I now want to give this user read access to a content item, but I can't make it work.
First of all, the sitecore/Analytics Reporting role already has read access to the content editor etc (inherited from the Everyone role), so why can't I see it? I created another role with explicit read access to the content item and assigned it to the same user, but I still can't see it. Does anyone know what I need to do for the user to see the content item?
I seen this a few times before with older Sitecore versions. Doing a Sitecore cache clear or IIS reset resolved it at that time.
After checking with Sitecore support they told me you have to add Sitecore Client Designer to your role (even though the Access Viewer shows you have read access you still won't be able to see it until you've added this role).
Related
If I have an item in draft state and I go to Experience Editor, the add new component is disabled and I cannot add any new components for an Editor role.
Any idea where should I look?
It sounds like member Roles are the issue here.
Look into including one of the Designer roles (Designer / Sitecore Client Designing)
From Sitecore security roles documentation:
Sitecore Client Designing
Gives the user access to Experience Editor Design pane features that allow a user to set layout details associated with items in the Sitecore client.
Members of this role are: Designer
and
Designer
Gives the user read and write access to the areas of the content tree
that are required when changing layout details for individual items
and groups of items via template standard values, as well as items
required when configuring the Experience Editor Design Pane.
This role also has two of the Sitecore Client roles assigned to it, so
if you assign just this role to a user, the Sitecore Client Designing
and Sitecore Client Users roles will be automatically assigned to the
user.
This role provides access to the Experience Editor Design Pane
features and the designer options in the Content Editor.
Note This role is not a member of the Author and Authoring roles, so
it does not allow users to edit items.
Members of this role are: Developer
This sounds like a a workflow security issue. I would recommend using the Access Viewer to check the user's access to the item you are trying to edit. If it tells you that there is no access, the right side of the tool should tell you why. If the 'why' is workflow state access, you probably need to adjust your security on the Workflow state for 'Draft'.
I've got a Sitecore Multilist that has several pre-selected items on it. Certain users aren't able to see the items on the list, because they don't have read access to the items.
The problem I've run into is that these users have some 12 roles and I can't figure out which one is restricting their read access to the items in the list. Is there an easy way to figure out which role needs to be modified to give them read access to these items?
I'm running Sitecore 7.2
You can use Sitecore Access Viewer application from Sitecore Desktop (Sitecore -> Security Tools -> Access Viewer).
Select chosen user
Find item which is not allowed for that user
Click on the 'Read' column.
You will see explanation why access is denied in right column
After everything had been set up for CloudKit, with provisioning profiles and CloudKit container set up, I still get the message,
There are no CloudKit enabled apps associated with this AppleID. Contact your team administrator...
when trying to access the Dashboard. I had previously tried everything, from renaming my entire project to making sure I was signed into iCloud before trying. All of the 'check boxes' were checked in the iCloud part of the Capabilities section.
The solution, as it turns out, is that only team administrators themselves can access the Dashboard. My professor made an administrator and it worked. I never explicitly saw this anywhere on posts or in Apple documentation.
I had the same message in cloudKit dashboard, it turned out I was logged in with a different appleID.
Additionally, the bundleID and containerID you point to must all be consistent with the Container name.
I am working on a website that uses Sitecore CMS. An intranet webpart was already created with restricted access.
In this intranet I've created a new page which should only be visible for 1 role. I have created the new role. I tried to mess around with the security of the page in the content editor (Security --> Assign). I published the changes. But no matter what I do, it doesn't seem to have any effect.
Any guidance would be greatly appreciated!
Open the sitecore desktop ( http://yoururl/sitecore/shell ), click on the 'sitecore' button, then 'security tools' and 'security editor'.
Select the 'anonymous user' account in the ribbon, click on the chosen page in the tree, and click 'x' near 'read'.
Then click 'select' in the ribbon and choose the proper role. Once again select the chosen node and allow 'Read' rights for the role.
Once it's done, you can use 'Access viewer' app (once again sitecore button and security tools on the desktop) to check whether the rights are set properly.
The trick is probably to deny access for the extranet\Anonymous user and then grant access for the role.
I like to use the Access Viewer or the Security Editor for that, instead of the Content Editor as it gives you a better overview.
Make sure to put inheritance to good use so you don't have to set security to each item individually but rather on the root of the site (if possible).
I advice you to take a look at the Sitecore Security Administrators Cookbook: http://sdn.sitecore.net/upload/sitecore6/securityadministratorscookbook-usletter.pdf
We are cleaning up the permissions in our Sitecore instance and we are running in to users that were granted specific access over the years. Now I would like to put all of our permissions in to roles and only grant rights via roles.
Is there a way to see the rights specifically assigned to a user? We have a small enough number of users that I could fix this manually, but the security viewer shows the cumulative permissions from user rights and role rights.
The query idea actually worked. So you can use Xpath Builder (in Dev Center) for this. It will be a little slow, but gives you the items:
/sitecore/content/myRoot//*[contains(#__Security,'username')]
Josh,
I just released a little script that should help you get moving on this. This script will show you all values of the __security field and allow you to reset them all. You will need to modify to reset for a specific user.
http://seankearney.com/post/Sitecore-Security-Report-and-Reset.aspx
Figured I would throw this out there after some testing with Rocks.
You can report on security from Sitecore Rocks (as mentioned in my comment to Bryan):
select ##ID as ID, ##Name as Name, ##Path as Path, #__Security from /sitecore/content/home//*[contains(#__Security,'xxxx')];
You can also reset the security field with a query too!
update set #__Security = "" from /sitecore/content/home//*[contains(#__Security,'xxxx')];