Sitecore Roles and Responsibilities | Sitecore CMS Development Company

Published on : June 30, 2021

Sitecore has built-in security features that ensure your content administrators have the appropriate roles and the appropriate level of access to curate content for the content author. The administrator can grant them access to different Sitecore features.

Security is a vital part of Sitecore CMS. Sitecore has a number of out-of-the-box roles that provide various levels of permission to specific Sitecore features. Sitecore is also highly extensible, so Sitecore developers can create their own custom roles and implement custom Sitecore security.

A content author needs access in 3 key areas to edit content:

  • Write access to the content item – these items are site content, components, data sources, the media library, templates, etc.
  • Language write access – for the language version being edited.
  • Workflow write access – for the workflow state of the current item.

If any of these permissions is missing, the content author cannot edit the content.

Sitecore secures each of these areas of the tree separately, through custom roles that we create in Sitecore security management, such as a content item role, a language access role, and a workflow access role. Keeping the roles separate, instead of assigning all permissions to a single role, gives an incredibly granular security implementation, especially as the complexity of your core requirements grows.

Inheriting default roles

It is very common to have a group of Sitecore System Administrators who need to be able to do things like set security on users, have access to all content and workflow states, and be able to make changes to templates or system settings via the user interface. There are a variety of roles that can be used for that, so it is best to define exactly the functions that the user needs and use the built-in roles to grant access. Create a custom role for your system administrators and then inherit from the roles you need.

Admin Tool pages

In some scenarios, these system administrators also need access to things like the admin tools (like ShowConfig.aspx), which typically are only available to the ‘admin’ user. However, most of them also check for the ‘Developer’ role, so if your system administrators have the Developer role they can usually access these pages.

Custom Sitecore Roles

You may have requirements where there is no built-in role that supports your need. For example, you may have locked down your workflow to specific custom roles, so you’ll need to grant your ‘administrators’ the correct roles to work on these workflow states or grant access for your Sys Admin role to all states. Inheriting the roles can make security management easier, but if they are author roles that have explicit Deny permissions somewhere, this may not be what you want on a System Administrator. The Deny will trump any granted permissions.
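The interaction between the three required write permissions and an inherited explicit Deny, as an added example (not code from the original article and not Sitecore's API): a simplified Python model in which every role name and assignment is constructed, and per-item scoping is left out.

```python
# Simplified model of the rules described above; not Sitecore's API.
# All role names and assignments are constructed for illustration.
ALLOW, DENY = "allow", "deny"

# role -> roles it inherits from (roles in roles)
ROLE_PARENTS = {
    "Restricted Author": ["Site Author"],
    "Content Author": ["Site Author", "EN Language Writer"],
    "Full Author": ["Site Author", "EN Language Writer", "Draft Workflow Editor"],
    "Sys Admin": ["Restricted Author", "EN Language Writer", "Draft Workflow Editor"],
}

# role -> explicit assignments, keyed by (area, right)
ROLE_RIGHTS = {
    "Site Author": {("item", "write"): ALLOW},
    "EN Language Writer": {("language", "write"): ALLOW},
    "Draft Workflow Editor": {("workflow", "write"): ALLOW},
    "Restricted Author": {("workflow", "write"): DENY},
}

# The three areas a content author needs in order to edit.
REQUIRED = [("item", "write"), ("language", "write"), ("workflow", "write")]

def expand_roles(role, seen=None):
    """Return the role plus every role it inherits from, transitively."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for parent in ROLE_PARENTS.get(role, []):
            expand_roles(parent, seen)
    return seen

def effective(role, key):
    """A Deny from any inherited role wins; otherwise Allow if any role grants."""
    decisions = [ROLE_RIGHTS.get(r, {}).get(key) for r in expand_roles(role)]
    if DENY in decisions:
        return DENY
    return ALLOW if ALLOW in decisions else None

def edit_report(role):
    """Effective decision per required area, plus whether editing is possible."""
    report = {area: effective(role, (area, right)) for area, right in REQUIRED}
    report["can_edit"] = all(v == ALLOW for v in report.values())
    return report

if __name__ == "__main__":
    for name in ("Content Author", "Full Author", "Sys Admin"):
        print(name, edit_report(name))
```

In this model the constructed `Sys Admin` role is granted workflow write directly through `Draft Workflow Editor`, yet still cannot edit because the Deny it inherits through `Restricted Author` overrides that grant.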

The Security Editor

The Sitecore Security Editor is a built-in interface that allows us to assign permissions to Sitecore items by navigating through the content items individually.

The Sitecore Security Editor has several ways to secure content.

  • The Security Editor has a role and user selector in the ribbon, which is used to identify the role or user you want to secure. The administrator can click directly in the grid to apply a permission, and can expand the content tree to see which permissions are explicitly assigned in the grid to the selected role or user.
  • A security dialog pops up when the administrator double-clicks an item in the content tree grid on the left. This dialog allows us to view or edit all the explicit permissions assigned to the specific item, rather than the permissions assigned to a specific role or user.

The Access Viewer

The Sitecore Access Viewer is a built-in interface that allows us to view your security implementation. A content administrator can see how the security implementation is applied to the Sitecore content tree for a selected user or role.

The Sitecore Access Viewer is mainly used to confirm that your security permissions are manifested as expected, and to identify and fix user or role access if the granted permissions are not working as expected.

Sitecore best practices recommended for user and role security

  • Remove the default Sitecore admin user or change its password.
  • Ensure all user accounts have strong passwords.
  • Make sure users have only the Sitecore client roles they require.
  • Make sure the administrator user is only used to perform administrator tasks, and limit administrator users.
  • Create workflow users to control publishing.
  • Limit users to certain interfaces, no matter which interface they select on the Sitecore login screen, by using the user property in the profile settings of the specific user.
  • Limit access to the parts of the content tree that are relevant to the user.
  • Limit access to ribbon items by disabling features.
  • Apply security to roles rather than to user accounts.
  • Remove inherited permissions rather than specifically denying access.

Sitecore Roles and Responsibilities | Sitecore CMS Development Company – Skybridge Infotech USA India

Author: Krithvik TRS, Sitecore Specialist