Sitecore Role Security Make Access Overriding Deny


Problem description

I have user roles that work as follows: Admin is a role in Manager which is a role in Logged in User. I want this to work this way so that if a user has an Admin role, then they will also have a Logged in User role. The reason for this is checks in the code. I don't really want to have to write something that incrementally checks each role to see if a user has access to something when I can just check if they are a Logged in User. Now I want to be able to apply security to Sitecore items. The problem I'm having is that denial of access overrides access if both exist for a user. I could separate the roles and do incremental checks (or even nest them in the opposite way) but I want to know if there's a way to switch denial of access overriding access to be the opposite. I.e. if a Manager has access to an item but a Logged in User does not then a user who is a Manager will be able to see the item (while inheriting the Logged in User role) but a user who is just a Logged in User will not.

Recommended answer

I assume you have the following role structure:

  • Admin - is a member of...
  • Manager - is a member of...
  • Logged In User

You should very rarely deny access, as you have found out, since denial always overrides access no matter where the inheritance comes from. Instead, you should break inheritance for the Logged In User role, and then give Read access for your Manager role. Your Admin role will gain read access through inheritance since it is a member of Manager role.

Since you may have content which should only be accessible to Logged In Users, you should break inheritance on the sitecore\Everyone role as well, and give read access to your Logged In Users role.

Logged In User Role:

Manager Role: - is a member of Logged In User

Admin Role: - is a member of Manager
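
The resolution the answer describes, as a simplified Python model added here for illustration; it is not part of the original answer and does not use Sitecore's API. The `Item` class, the item names (Home, Members, Reports) and the per-role resolution order are assumptions made for the model.

```python
# Simplified model (not Sitecore's API) of the access resolution described above.
EVERYONE = "sitecore\\Everyone"
# Role nesting from the question: Admin -> Manager -> Logged In User.
MEMBER_OF = {"Admin": ["Manager"], "Manager": ["Logged In User"], "Logged In User": []}

class Item:
    def __init__(self, name, parent=None, rules=None, break_inheritance=()):
        self.name, self.parent = name, parent
        self.rules = rules or {}                 # role -> "allow" | "deny"
        self.break_inheritance = set(break_inheritance)

def effective_roles(role):
    """The role itself, every role it is nested in, and Everyone."""
    seen, stack = {EVERYONE}, [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(MEMBER_OF.get(r, []))
    return seen

def right_for_role(role, item):
    """Nearest explicit rule for one role; stop where its inheritance is broken."""
    while item is not None:
        if role in item.rules:
            return item.rules[role]
        if role in item.break_inheritance:
            return None
        item = item.parent
    return None

def can_read(role, item):
    rights = {right_for_role(r, item) for r in effective_roles(role)}
    # Any deny wins; otherwise one allow is enough; nothing specified means no access.
    return "deny" not in rights and "allow" in rights

def build(manager_only_rules, broken):
    # Constructed sample tree: Home (public) > Members (logged in) > Reports (managers).
    home = Item("Home", rules={EVERYONE: "allow"})
    members = Item("Members", home, {"Logged In User": "allow"}, [EVERYONE])
    return Item("Reports", members, manager_only_rules, broken)

# Asker's setup: explicit deny on the nested role locks out Manager and Admin too.
with_deny = build({"Logged In User": "deny", "Manager": "allow"}, [])
# Answer's setup: no deny, inheritance broken for Logged In User, Manager allowed.
with_break = build({"Manager": "allow"}, ["Logged In User"])

def report(item):
    return {r: can_read(r, item) for r in ("Admin", "Manager", "Logged In User")}
```

Calling `report(with_deny)` and `report(with_break)` shows the difference between the two setups for each of the three roles.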
