Inheriting Sitecore Roles











up vote
1
down vote

favorite












I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.



Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.



I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.



enter image description here






security role-management







share|improve this question


























    up vote
    1
    down vote

    favorite












    I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.



    Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.



    I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.



    enter image description here






    security role-management







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.



      Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.



      I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.



      enter image description here






      security role-management







      share|improve this question













      I have a role "Editor" which is having certain permissions and don't have read access to Sitecore/Social item.



      Now i need to create a new role "Approver" which is having same access as Editor but with additional Read and Write access to Sitecore/Social Item.



      I tried by making Approver as member of Editor and then gave additional access to Approver. But this is not working.



      enter image description here






      security role-management




      security role-management






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 20 at 6:20









      Dheeraj p

      17710




      17710






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          6
          down vote



          accepted










          Deny access right cannot be overwritten by any allow rule.



          What you need to do is to:




          • remove that Deny read access for Editor role

          • make your Approver role a member of Editor role

          • disable inheritance of access rights for that item for your Editor role

          • and for your Approver role you need to assign Read and Write back


          More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "664"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15030%2finheriting-sitecore-roles%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            6
            down vote



            accepted










            Deny access right cannot be overwritten by any allow rule.



            What you need to do is to:




            • remove that Deny read access for Editor role

            • make your Approver role a member of Editor role

            • disable inheritance of access rights for that item for your Editor role

            • and for your Approver role you need to assign Read and Write back


            More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right






            share|improve this answer



























              up vote
              6
              down vote



              accepted










              Deny access right cannot be overwritten by any allow rule.



              What you need to do is to:




              • remove that Deny read access for Editor role

              • make your Approver role a member of Editor role

              • disable inheritance of access rights for that item for your Editor role

              • and for your Approver role you need to assign Read and Write back


              More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right






              share|improve this answer

























                up vote
                6
                down vote



                accepted







                up vote
                6
                down vote



                accepted






                Deny access right cannot be overwritten by any allow rule.



                What you need to do is to:




                • remove that Deny read access for Editor role

                • make your Approver role a member of Editor role

                • disable inheritance of access rights for that item for your Editor role

                • and for your Approver role you need to assign Read and Write back


                More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right






                share|improve this answer














                Deny access right cannot be overwritten by any allow rule.



                What you need to do is to:




                • remove that Deny read access for Editor role

                • make your Approver role a member of Editor role

                • disable inheritance of access rights for that item for your Editor role

                • and for your Approver role you need to assign Read and Write back


                More information can be found in https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/the_inheritance_access_right







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Nov 20 at 6:53

























                answered Nov 20 at 6:37









                Marek Musielak

                9,26011034




                9,26011034






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Sitecore Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15030%2finheriting-sitecore-roles%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    QoS: MAC-Priority for clients behind a repeater

                    Image
                    1 1 I've setup a wireless network using a Linksys-Router (DD-WRT) as an AP and a TP-Link repeater for range extension. To manage bandwith for specific users, I've setup QoS-Rules on the AP (DD-WRT) using MAC-Priority: However the AP shows only the Repeater's MAC and the MACs of users inside the AP-Range. The MAC addresses of users behind the Repeater are not listed : The purple MAC is not listed in the AP-Clientlist. Its related to a device connected via the TP-Link repeater. Q: How can I setup MAC-Priority for repeater-clients? Do I simply add the purple MAC in AP-MAC priority list although it's not listed as a client? I want to setup specific priority instead of giving one priority for all clients behind the repeater by adding the repeater's MAC in the MAC priority list in the AP as
                    Read more

                    Ивакино (Тотемский район)

                    Image
                    У этого топонима есть и другие значения, см. Ивакино. Деревня Ивакино 59°42′01″ с. ш. 42°01′36″ в. д. H G Я O Страна Россия   Россия Субъект Федерации Вологодская область Муниципальный район Тотемский район Сельское поселение Погореловское История и география Тип климата умеренно-континентальный Часовой пояс UTC+3 Население Население 33 человека ( 2002 ) Национальности русские Цифровые идентификаторы Почтовый индекс 161327 Код ОКАТО 19 246 848 008 Код ОКТМО 19 646 448 136 Прочее Рег. номер 6261 Показать/скрыть карты Ивакино Ивакино Ивакино Ивакино — деревня в Тотемском районе Вологодской области. Входит в состав Погореловского сельского поселения [1] , с точки зрения административно-территориального деления — в Погореловский сельсовет. Расстояние по автодороге до районного центра Тотьмы — 61,5 км, до центра муниципального образования деревни Погорелово — 1,5 км.
                    Read more

                    Can't locate Autom4te/ChannelDefs.pm in @INC (when it definitely is there)

                    Image
                    up vote 1 down vote favorite I've been running into trouble running make for a build process that I know works on a 32-bit Ubuntu VM. I am running a 64-bit Ubuntu VM, and I have a feeling that the 64-bit may be the problem, but am not entirely sure. Basically, when I run the make command, I get the following error: Can't locate Autom4te/ChannelDefs.pm in @INC (@INC contains: [...]/staging_dir/host/share/autoconf /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at [...]/staging_dir/host/bin/autoreconf line 40. Now if I navigate to [...]/staging_dir/host/share/autoconf I can see that, contrary to what autoreconf thinks, Autom4te/ChannelDefs.pm definitely exists, so I don't really understand what
                    Read more