Sitecore allow role to publish content in specific areas only

I am trying to create a role within Sitecore which can publish content, but only withi开发者_如何转开发n a specific area(s) of the site. I've added the standard Sitecore\Client Publishing role to my role, but I can't see how to prevent the role from being able to publish all areas of the site. I've looked at the Security editor and the Access viewer, but setting the write access of the sections only seems to affect the ability to edit those sections and has no effect on the ability to publish on those sections.

Workflow is the typical way this is handled. Giving roles access to approve (this could be called 'publish') content of certain sections of the content tree will be the best way to achieve what you are describing. Combine this with an auto-publish action to make it more user friendly.

One thing to keep in mind though using this method is referenced items (images from media library the content may be using for example). Take a look at the 'Publishing Spider' module on the shared source library http://trac.sitecore.net/PublishingSpider

EDIT: Update

I recently discovered this setting in the web.config: "Publishing.CheckSecurity". If set to true, this setting will only publish items if the user has read + write on the item and will only remove items from the web DB if the user has delete permissions.

I had a similar situation once and I created roles per section which only had read and write to that section and no where else (let say 'editor section 1') and another role which only had publishing permission for that section (let say 'publisher section 1'). Then added 'editor section 1' role to 'publisher section 1' role which gives you the role for publishing only specific section. You do not need multiple workflows, same workflow with multiple roles can also achieve this goal

Answer to this is to set Publishing.CheckSecurity to true

You need to find this code inside web

<!--  PUBLISHING SECURITY
        Check security rights when publishing?
        When CheckSecurity=true, Read rights are required for all source items. When it is
        determined that an item should be updated or created in the target database,
        Write right is required on the source item. If it is determined that the item
        should be deleted from target database, Delete right is required on the target item.
        In summary, only the Read, Write and Delete rights are used. All other rights are ignored.
        Default value: false
  -->
        <setting name="Publishing.CheckSecurity" value="false" />

Set the value="true"

But again you have to govern the security tightly, and assign user role properly. Failed to do so you will experience buggy publishing.

Hope that will help