Any way to transfer all permissions from one role to another? The Next CEO of Stack OverflowAtlanta Sitecore User GroupGet base or inherited roles from Role or User object
How do spells that require an ability check vs. the caster's spell save DC work?
How long to clear the 'suck zone' of a turbofan after start is initiated?
Unreliable Magic - Is it worth it?
Why use "finir par" instead of "finir de" before an infinitive?
Can the Reverse Gravity spell affect the Meteor Swarm spell?
Can a single photon have an energy density?
Is it a good idea to use COLUMN AS (left([Another_Column],(4)) insetead of LEFT in the select?
Crossing the line between justified force and brutality
What does "Its cash flow is deeply negative" mean?
How do I go from 300 unfinished/half written blog posts, to published posts?
How did Arya survive the stabbing?
How to Reset Passwords on Multiple Websites Easily?
How should I support this large drywall patch?
% symbol leads to superlong (forever?) compilations
Opamp stability given in not inverting configuration
How can I open an app using Terminal?
Increase performance creating Mandelbrot set in python
Why did we only see the N-1 starfighters in one film?
How can I get through very long and very dry, but also very useful technical documents when learning a new tool?
Why doesn't a table tennis ball float on the surface? How do we calculate buoyancy here?
Whats the best way to handle refactoring a big file?
Why is Miller's case titled R (Miller)?
Can a caster that cast Polymorph on themselves stop concentrating at any point even if their Int is low?
India just shot down a satellite from the ground. At what altitude range is the resulting debris field?
Any way to transfer all permissions from one role to another?
The Next CEO of Stack OverflowAtlanta Sitecore User GroupGet base or inherited roles from Role or User object
We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...
permissions
asked 3 hours ago
Levi WallachLevi Wallach
1616
add a comment |
We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...
permissions
asked 3 hours ago
Levi WallachLevi Wallach
1616
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
2
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago
add a comment |
We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...
permissions
asked 3 hours ago
Levi WallachLevi Wallach
1616
We are going to have to create new roles for new content sections and it would be very helpful if we could transfer role permssions so that we don't have to reassign permissions for all the folders to secondary roles for a particular section.
Just wondering if there's a way to copy permissiosn from one role to another and then build on that second role to make the additional permission tweaks, which would be a lot easier than replicating every single folder/item permissions in the new role...
permissions
permissions
asked 3 hours ago
Levi WallachLevi Wallach
1616
asked 3 hours ago
Levi WallachLevi Wallach
1616
asked 3 hours ago
Levi WallachLevi Wallach
1616
asked 3 hours ago
Levi WallachLevi Wallach
1616
asked 3 hours ago
Levi WallachLevi Wallach
1616
1616
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
2
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago
add a comment |
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
2
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
2
2
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago
add a comment |
2 Answers
2
active
oldest
votes
I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.
It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.
The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.
#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"
$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""
$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
add a comment |
Use Role Inheritance
Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.
Creating the Base Role
For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:
And in Security Editor:
Creating the Secondary Role
So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
In Security Editor:
Assign the Secondary Role only to a user:
Adding the secondary role inherits all of the other roles.
Magic Permission - Breaking Inheritance
Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
Reviewing our Work
Base Author Role
You can see here that Base Author Role only has access to the items that we gave it above.
Headmaster Editor Role
But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
In Summary
The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "664"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f17766%2fany-way-to-transfer-all-permissions-from-one-role-to-another%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.
It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.
The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.
#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"
$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""
$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
add a comment |
I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.
It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.
The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.
#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"
$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""
$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
add a comment |
I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.
It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.
The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.
#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"
$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""
$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
I've written a powershell script which should do the magic for you. I suggest you backup your database before running it, just in case.
It searches for ar|ROLE_DOMAINROLE_NAME| string in __Security fields of all the items under the $root item, looks for the next role or user in the security, and duplicates that role access rights to the second role.
The script only takes into account access rights assigned to the role directly - it doesn't take into account access rights inherited from other roles.
#settings
$roleName = "sitecoreRoleA"
$newRoleName = "sitecoreRoleB"
$root = "110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9"
$roleSecurityString = "ar|" + $roleName + "|"
$items = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
foreach ($item in $items)
if ($item["__Security"].Contains($roleSecurityString))
$roleRights = ""
$startIndex = $item["__Security"].IndexOf($roleSecurityString);
$endIndex = $item["__Security"].IndexOf("
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
answered 1 hour ago
Marek MusielakMarek Musielak
11.2k11136
11.2k11136
add a comment |
add a comment |
Use Role Inheritance
Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.
Creating the Base Role
For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:
And in Security Editor:
Creating the Secondary Role
So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
In Security Editor:
Assign the Secondary Role only to a user:
Adding the secondary role inherits all of the other roles.
Magic Permission - Breaking Inheritance
Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
Reviewing our Work
Base Author Role
You can see here that Base Author Role only has access to the items that we gave it above.
Headmaster Editor Role
But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
In Summary
The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
add a comment |
Use Role Inheritance
Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.
Creating the Base Role
For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:
And in Security Editor:
Creating the Secondary Role
So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
In Security Editor:
Assign the Secondary Role only to a user:
Adding the secondary role inherits all of the other roles.
Magic Permission - Breaking Inheritance
Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
Reviewing our Work
Base Author Role
You can see here that Base Author Role only has access to the items that we gave it above.
Headmaster Editor Role
But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
In Summary
The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
add a comment |
Use Role Inheritance
Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.
Creating the Base Role
For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:
And in Security Editor:
Creating the Secondary Role
So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
In Security Editor:
Assign the Secondary Role only to a user:
Adding the secondary role inherits all of the other roles.
Magic Permission - Breaking Inheritance
Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
Reviewing our Work
Base Author Role
You can see here that Base Author Role only has access to the items that we gave it above.
Headmaster Editor Role
But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
In Summary
The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
Use Role Inheritance
Your existing roles, which contain the shared access rules that are common among all of the secondary roles, should be members of the secondary roles.
Creating the Base Role
For example, let's say that your Base Role, we'll call it "Base Author" has access to all of the Media Libary, and all of your shared content. This will include all of the shared items and Sitecore default roles (as members) that are common among all of the secondary roles. So it might look something like this:
And in Security Editor:
Creating the Secondary Role
So for the purposes of this example, I'm going to call my role "Headmaster Editor". It's a member of the Base Author role.
In Security Editor:
Assign the Secondary Role only to a user:
Adding the secondary role inherits all of the other roles.
Magic Permission - Breaking Inheritance
Breaking the Inheritance of Descendants makes it possible to prevent any access to any content item UNLESS it has been given a Green Check mark in Security editor. Sitecore's role security is strict on "Red X's" for preventing access. Once a role has a Red X, it doesn't matter if other roles have Green Checkmarks, that user won't have access. So, instead of doling out Red X's, break the inheritance, and then only provide given access via Green Checkmarks. I do this by taking the sitecore/Author role, which is out of the box, and breaking the descendent inheritance on the /sitecore/content item.
Reviewing our Work
Base Author Role
You can see here that Base Author Role only has access to the items that we gave it above.
Headmaster Editor Role
But that the Headmaster Role has everything in the Base + Plus the content from the Headmaster Role.
In Summary
The art and magic of role permissions is to be as simple as possible. If you're checking boxes all over the place and using red x's all over the place, you're doing it wrong. Keep it simple.
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
answered 3 hours ago
Pete NavarraPete Navarra
11.2k2675
11.2k2675
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
add a comment |
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
1
1
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
Part of the issue is that the "base" user that I'm setting up has full access to most areas, whereas the secondary user would only have full access to certain subitems and only read access to the higher level items. I guess I'll have to play with the inheritance access right a little, maybe you are right in that this can be done fairly easily just with that... I do have a "Base" role that all users get which restrict inheritance rights on most items. Will see what I can do once I have the branch template working well...
– Levi Wallach
2 hours ago
add a comment |
Thanks for contributing an answer to Sitecore Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f17766%2fany-way-to-transfer-all-permissions-from-one-role-to-another%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Do you want to move permissions from Role A to Role B on particular items? So before the operation Role A has Read/Write and after only Role B has Read/Write? Or something more complex?
– Marek Musielak
3 hours ago
2
You would need a script, since security permissions are written as strings to the relevant items. However you could make Role B a member of Role A for the same effect - using Sitecore's Roles-in-Roles feature.
– Mark Cassidy♦
3 hours ago
@MarekMusielak, Role A has permissions for x number of items, at then end of the process Role A and Role B would have permissions on all those same items - the exact same permissions would be for each. Once that is done, I would then go into Role Manager and make some small alterations in Role B's permssions.
– Levi Wallach
3 hours ago
@MarkCassidy, by script do you mean a sql script or powershell? I can't make Role B a member of role A becuase I would then have to overwrite a bunch of permissions for Role B. Basically Role A will have full access to some global level items as well as for sub items, Role B will have full permissions just for subitems, and just read access to global level items. So my thinking was copy the global permissions to B, then just remove all the write/delete/create permissions to the global items.
– Levi Wallach
3 hours ago