Limit read access to a subtree to a certain role in Sitecore
I've been struggling with this off and on for months, and it may be non-trivial to answer.
What is the easiest way to limit public access to an item and its subitems to members of a single role? (Editors still need to be able to edit the item.)
e.g. There's a role, extranet/clubmember
, and items,
- Clubhouse
| - Items
| - Inside
| - Clubhouse
And I want extranet/clubmember
members to be able to read the items and subitems, sitecore/* members (Or, say, sitecore/editor) to h开发者_如何学编程ave edit access, and everyone else (in default and extranet domains) to be denied.
Second, does this solution still work with a custom role and membership providers for extranet? Why or why not, or what methods do I need to implement? I recall from earlier experiments that my custom role provider seems to affect Inheritance permissions in particular.
Have you tried the following:
- uncheck Inherit for Everyone (the global one) to Clubhouse root
- explicitly allow Read for extranet\clubmember to Clubhouse root
- explicitly allow Read/Write for sitecore\Everyone to Clubhouse root
Explicit assignments always win. So, that scheme should have the effect you expect.
精彩评论