Any way to transfer all permissions from one role to another? The Next CEO of Stack OverflowAtlanta Sitecore User GroupGet base or inherited roles from Role or User object

Is a stroke of luck acceptable after a series of unfavorable events?

If the heap is initialized for security, then why is the stack uninitialized?

How can a function with a hole (removable discontinuity) equal a function with no hole?

What is the purpose of the Evocation wizard's Potent Cantrip feature?

Can a caster that cast Polymorph on themselves stop concentrating at any point even if their Int is low?

What does "Its cash flow is deeply negative" mean?

How did Arya survive the stabbing?

declare as function pointer and initialize in the same line

Inappropriate reference requests from Journal reviewers

How can I get through very long and very dry, but also very useful technical documents when learning a new tool?

Anatomically Correct Mesopelagic Aves

Overlapping nodes in a decision tree

How to start emacs in "nothing" mode

Return the Closest Prime Number

Increase performance creating Mandelbrot set in python

Only print output after finding pattern

Can the Reverse Gravity spell affect the Meteor Swarm spell?

What is meant by a M next to a roman numeral?

How can I quit an app using Terminal?

Is there a good way to store credentials outside of a password manager?

What's the point of interval inversion?

What does this shorthand mean?

Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?

How do scammers retract money, while you can’t?



Any way to transfer all permissions from one role to another?



The Next CEO of Stack Overflow
Atlanta Sitecore User GroupGet base or inherited roles from Role or User object










3















We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...










share|improve this question






















  • Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

    – Marek Musielak
    4 hours ago






  • 2





    You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

    – Mark Cassidy
    4 hours ago











  • @MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

    – Levi Wallach
    4 hours ago











  • @MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

    – Levi Wallach
    4 hours ago















3















We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...










share|improve this question






















  • Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

    – Marek Musielak
    4 hours ago






  • 2





    You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

    – Mark Cassidy
    4 hours ago











  • @MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

    – Levi Wallach
    4 hours ago











  • @MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

    – Levi Wallach
    4 hours ago













3












3








3








We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...










share|improve this question














We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...







permissions






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 4 hours ago









Levi WallachLevi Wallach

1616




1616












  • Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

    – Marek Musielak
    4 hours ago






  • 2





    You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

    – Mark Cassidy
    4 hours ago











  • @MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

    – Levi Wallach
    4 hours ago











  • @MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

    – Levi Wallach
    4 hours ago

















  • Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

    – Marek Musielak
    4 hours ago






  • 2





    You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

    – Mark Cassidy
    4 hours ago











  • @MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

    – Levi Wallach
    4 hours ago











  • @MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

    – Levi Wallach
    4 hours ago
















Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

– Marek Musielak
4 hours ago





Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?

– Marek Musielak
4 hours ago




2




2





You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

– Mark Cassidy
4 hours ago





You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.

– Mark Cassidy
4 hours ago













@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

– Levi Wallach
4 hours ago





@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.

– Levi Wallach
4 hours ago













@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

– Levi Wallach
4 hours ago





@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.

– Levi Wallach
4 hours ago










2 Answers
2






active

oldest

votes


















3














I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.



It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.



The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.



#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"

$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""

$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("






share|improve this answer























  • I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

    – Pete Navarra
    41 mins ago


















1














Use Role Inheritance



Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.



Creating the Base Role



For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:



enter image description here



And in Security Editor:
enter image description here



Creating the Secondary Role



So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
enter image description here



In Security Editor:
enter image description here



Assign the Secondary Role only to a user:



Adding the secondary role inherits all of the other roles.
enter image description here



Magic Permission - Breaking Inheritance



Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
enter image description here



Reviewing our Work



Base Author Role



You can see here that Base Author Role only has access to the items that we gave it above.
enter image description here



Headmaster Editor Role



But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
enter image description here



In Summary



The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.






share|improve this answer


















  • 1





    Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

    – Levi Wallach
    3 hours ago











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "664"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f17766%2fany-way-to-transfer-all-permissions-from-one-role-to-another%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.



It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.



The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.



#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"

$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""

$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("






share|improve this answer























  • I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

    – Pete Navarra
    41 mins ago















3














I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.



It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.



The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.



#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"

$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""

$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("






share|improve this answer























  • I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

    – Pete Navarra
    41 mins ago













3












3








3







I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.



It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.



The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.



#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"

$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""

$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("






share|improve this answer













I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.



It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.



The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.



#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"

$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""

$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 hours ago









Marek MusielakMarek Musielak

11.2k11136




11.2k11136












  • I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

    – Pete Navarra
    41 mins ago

















  • I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

    – Pete Navarra
    41 mins ago
















I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

– Pete Navarra
41 mins ago





I do not disagree that Marek has provided a solution. However, I have a POV that this is an excessive amount of work indicating that roles were not setup correctly in the first place. While I have upvoted I think fixing the role strategy is a better approach.

– Pete Navarra
41 mins ago











1














Use Role Inheritance



Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.



Creating the Base Role



For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:



enter image description here



And in Security Editor:
enter image description here



Creating the Secondary Role



So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
enter image description here



In Security Editor:
enter image description here



Assign the Secondary Role only to a user:



Adding the secondary role inherits all of the other roles.
enter image description here



Magic Permission - Breaking Inheritance



Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
enter image description here



Reviewing our Work



Base Author Role



You can see here that Base Author Role only has access to the items that we gave it above.
enter image description here



Headmaster Editor Role



But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
enter image description here



In Summary



The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.






share|improve this answer


















  • 1





    Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

    – Levi Wallach
    3 hours ago















1














Use Role Inheritance



Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.



Creating the Base Role



For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:



enter image description here



And in Security Editor:
enter image description here



Creating the Secondary Role



So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
enter image description here



In Security Editor:
enter image description here



Assign the Secondary Role only to a user:



Adding the secondary role inherits all of the other roles.
enter image description here



Magic Permission - Breaking Inheritance



Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
enter image description here



Reviewing our Work



Base Author Role



You can see here that Base Author Role only has access to the items that we gave it above.
enter image description here



Headmaster Editor Role



But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
enter image description here



In Summary



The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.






share|improve this answer


















  • 1





    Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

    – Levi Wallach
    3 hours ago













1












1








1







Use Role Inheritance



Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.



Creating the Base Role



For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:



enter image description here



And in Security Editor:
enter image description here



Creating the Secondary Role



So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
enter image description here



In Security Editor:
enter image description here



Assign the Secondary Role only to a user:



Adding the secondary role inherits all of the other roles.
enter image description here



Magic Permission - Breaking Inheritance



Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
enter image description here



Reviewing our Work



Base Author Role



You can see here that Base Author Role only has access to the items that we gave it above.
enter image description here



Headmaster Editor Role



But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
enter image description here



In Summary



The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.






share|improve this answer













Use Role Inheritance



Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.



Creating the Base Role



For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:



enter image description here



And in Security Editor:
enter image description here



Creating the Secondary Role



So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
enter image description here



In Security Editor:
enter image description here



Assign the Secondary Role only to a user:



Adding the secondary role inherits all of the other roles.
enter image description here



Magic Permission - Breaking Inheritance



Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
enter image description here



Reviewing our Work



Base Author Role



You can see here that Base Author Role only has access to the items that we gave it above.
enter image description here



Headmaster Editor Role



But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
enter image description here



In Summary



The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.







share|improve this answer












share|improve this answer



share|improve this answer










answered 4 hours ago









Pete NavarraPete Navarra

11.2k2675




11.2k2675







  • 1





    Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

    – Levi Wallach
    3 hours ago












  • 1





    Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

    – Levi Wallach
    3 hours ago







1




1





Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

– Levi Wallach
3 hours ago





Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...

– Levi Wallach
3 hours ago

















draft saved

draft discarded
















































Thanks for contributing an answer to Sitecore Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f17766%2fany-way-to-transfer-all-permissions-from-one-role-to-another%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Францішак Багушэвіч Змест Сям'я | Біяграфія | Творчасць | Мова Багушэвіча | Ацэнкі дзейнасці | Цікавыя факты | Спадчына | Выбраная бібліяграфія | Ушанаванне памяці | У філатэліі | Зноскі | Літаратура | Спасылкі | НавігацыяЛяхоўскі У. Рупіўся дзеля Бога і людзей: Жыццёвы шлях Лявона Вітан-Дубейкаўскага // Вольскі і Памідораў з песняй пра немца Адвакат, паэт, народны заступнік Ашмянскі веснікВ Минске появится площадь Богушевича и улица Сырокомли, Белорусская деловая газета, 19 июля 2001 г.Айцец беларускай нацыянальнай ідэі паўстаў у бронзе Сяргей Аляксандравіч Адашкевіч (1918, Мінск). 80-я гады. Бюст «Францішак Багушэвіч».Яўген Мікалаевіч Ціхановіч. «Партрэт Францішка Багушэвіча»Мікола Мікалаевіч Купава. «Партрэт зачынальніка новай беларускай літаратуры Францішка Багушэвіча»Уладзімір Іванавіч Мелехаў. На помніку «Змагарам за родную мову» Барэльеф «Францішак Багушэвіч»Памяць пра Багушэвіча на Віленшчыне Страчаная сталіца. Беларускія шыльды на вуліцах Вільні«Krynica». Ideologia i przywódcy białoruskiego katolicyzmuФранцішак БагушэвічТворы на knihi.comТворы Францішка Багушэвіча на bellib.byСодаль Уладзімір. Францішак Багушэвіч на Лідчыне;Луцкевіч Антон. Жыцьцё і творчасьць Фр. Багушэвіча ў успамінах ягоных сучасьнікаў // Запісы Беларускага Навуковага таварыства. Вільня, 1938. Сшытак 1. С. 16-34.Большая российская1188761710000 0000 5537 633Xn9209310021619551927869394п

Беларусь Змест Назва Гісторыя Геаграфія Сімволіка Дзяржаўны лад Палітычныя партыі Міжнароднае становішча і знешняя палітыка Адміністрацыйны падзел Насельніцтва Эканоміка Культура і грамадства Сацыяльная сфера Узброеныя сілы Заўвагі Літаратура Спасылкі НавігацыяHGЯOiТоп-2011 г. (па версіі ej.by)Топ-2013 г. (па версіі ej.by)Топ-2016 г. (па версіі ej.by)Топ-2017 г. (па версіі ej.by)Нацыянальны статыстычны камітэт Рэспублікі БеларусьШчыльнасць насельніцтва па краінахhttp://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/А. Калечыц, У. Ксяндзоў. Спробы засялення краю неандэртальскім чалавекам.І ў Менску былі мамантыА. Калечыц, У. Ксяндзоў. Старажытны каменны век (палеаліт). Першапачатковае засяленне тэрыторыіГ. Штыхаў. Балты і славяне ў VI—VIII стст.М. Клімаў. Полацкае княства ў IX—XI стст.Г. Штыхаў, В. Ляўко. Палітычная гісторыя Полацкай зямліГ. Штыхаў. Дзяржаўны лад у землях-княствахГ. Штыхаў. Дзяржаўны лад у землях-княствахБеларускія землі ў складзе Вялікага Княства ЛітоўскагаЛюблінская унія 1569 г."The Early Stages of Independence"Zapomniane prawdy25 гадоў таму было аб'яўлена, што Язэп Пілсудскі — беларус (фота)Наша вадаДакументы ЧАЭС: Забруджванне тэрыторыі Беларусі « ЧАЭС Зона адчужэнняСведения о политических партиях, зарегистрированных в Республике Беларусь // Министерство юстиции Республики БеларусьСтатыстычны бюлетэнь „Полаўзроставая структура насельніцтва Рэспублікі Беларусь на 1 студзеня 2012 года і сярэднегадовая колькасць насельніцтва за 2011 год“Индекс человеческого развития Беларуси — не было бы нижеБеларусь занимает первое место в СНГ по индексу развития с учетом гендерного факцёраНацыянальны статыстычны камітэт Рэспублікі БеларусьКанстытуцыя РБ. Артыкул 17Трансфармацыйныя задачы БеларусіВыйсце з крызісу — далейшае рэфармаванне Беларускі рубель — сусветны лідар па дэвальвацыяхПра змену коштаў у кастрычніку 2011 г.Бядней за беларусаў у СНД толькі таджыкіСярэдні заробак у верасні дасягнуў 2,26 мільёна рублёўЭканомікаГаласуем за ТОП-100 беларускай прозыСучасныя беларускія мастакіАрхитектура Беларуси BELARUS.BYА. Каханоўскі. Культура Беларусі ўсярэдзіне XVII—XVIII ст.Анталогія беларускай народнай песні, гуказапісы спеваўБеларускія Музычныя IнструментыБеларускі рок, які мы страцілі. Топ-10 гуртоў«Мясцовы час» — нязгаслая легенда беларускай рок-музыкіСЯРГЕЙ БУДКІН. МЫ НЯ ЗНАЕМ СВАЁЙ МУЗЫКІМ. А. Каладзінскі. НАРОДНЫ ТЭАТРМагнацкія культурныя цэнтрыПублічная дыскусія «Беларуская новая пьеса: без беларускай мовы ці беларуская?»Беларускія драматургі па-ранейшаму лепш ставяцца за мяжой, чым на радзіме«Працэс незалежнага кіно пайшоў, і дзяржаву турбуе яго непадкантрольнасць»Беларускія філосафы ў пошуках прасторыВсе идём в библиотекуАрхіваванаАб Нацыянальнай праграме даследавання і выкарыстання касмічнай прасторы ў мірных мэтах на 2008—2012 гадыУ космас — разам.У суседнім з Барысаўскім раёне пабудуюць Камандна-вымяральны пунктСвяты і абрады беларусаў«Мірныя бульбашы з малой краіны» — 5 непраўдзівых стэрэатыпаў пра БеларусьМ. Раманюк. Беларускае народнае адзеннеУ Беларусі скарачаецца колькасць злачынстваўЛукашэнка незадаволены мінскімі ўладамі Крадзяжы складаюць у Мінску каля 70% злачынстваў Узровень злачыннасці ў Мінскай вобласці — адзін з самых высокіх у краіне Генпракуратура аналізуе стан са злачыннасцю ў Беларусі па каэфіцыенце злачыннасці У Беларусі стабілізавалася крымінагеннае становішча, лічыць генпракурорЗамежнікі сталі здзяйсняць у Беларусі больш злачынстваўМУС Беларусі турбуе рост рэцыдыўнай злачыннасціЯ з ЖЭСа. Дазволіце вас абкрасці! Рэйтынг усіх службаў і падраздзяленняў ГУУС Мінгарвыканкама вырасАб КДБ РБГісторыя Аператыўна-аналітычнага цэнтра РБГісторыя ДКФРТаможняagentura.ruБеларусьBelarus.by — Афіцыйны сайт Рэспублікі БеларусьСайт урада БеларусіRadzima.org — Збор архітэктурных помнікаў, гісторыя Беларусі«Глобус Беларуси»Гербы и флаги БеларусиАсаблівасці каменнага веку на БеларусіА. Калечыц, У. Ксяндзоў. Старажытны каменны век (палеаліт). Першапачатковае засяленне тэрыторыіУ. Ксяндзоў. Сярэдні каменны век (мезаліт). Засяленне краю плямёнамі паляўнічых, рыбакоў і збіральнікаўА. Калечыц, М. Чарняўскі. Плямёны на тэрыторыі Беларусі ў новым каменным веку (неаліце)А. Калечыц, У. Ксяндзоў, М. Чарняўскі. Гаспадарчыя заняткі ў каменным векуЭ. Зайкоўскі. Духоўная культура ў каменным векуАсаблівасці бронзавага веку на БеларусіФарміраванне супольнасцей ранняга перыяду бронзавага векуФотографии БеларусиРоля беларускіх зямель ва ўтварэнні і ўмацаванні ВКЛВ. Фадзеева. З гісторыі развіцця беларускай народнай вышыўкіDMOZGran catalanaБольшая российскаяBritannica (анлайн)Швейцарскі гістарычны15325917611952699xDA123282154079143-90000 0001 2171 2080n9112870100577502ge128882171858027501086026362074122714179пппппп

ValueError: Expected n_neighbors <= n_samples, but n_samples = 1, n_neighbors = 6 (SMOTE) The 2019 Stack Overflow Developer Survey Results Are InCan SMOTE be applied over sequence of words (sentences)?ValueError when doing validation with random forestsSMOTE and multi class oversamplingLogic behind SMOTE-NC?ValueError: Error when checking target: expected dense_1 to have shape (7,) but got array with shape (1,)SmoteBoost: Should SMOTE be ran individually for each iteration/tree in the boosting?solving multi-class imbalance classification using smote and OSSUsing SMOTE for Synthetic Data generation to improve performance on unbalanced dataproblem of entry format for a simple model in KerasSVM SMOTE fit_resample() function runs forever with no result