Sitecore Core Development

Wednesday, April 05, 2006

Client Roles

Sitecore 5.3 introduces seven new security roles that determines how the Sitecore Client appears. While we have previously used the roles Editor, Webmaster and Developer, we realized that we needed something a little more fine-grained. Also the Editor, Webmaster and Developer was used to specify access to content items which meant a mix-up between Client capabilities and security rights to content items.

The new roles makes this much cleaner and easier to setup. And without further ado: the seven new roles are:
  1. Sitecore Client Authoring
  2. Sitecore Client Configuring
  3. Sitecore Client Translating
  4. Sitecore Client Publishing
  5. Sitecore Client Securing
  6. Sitecore Client Maintaining
  7. Sitecore Client Developing

The name have been chosen very carefully. We needed to indicate that these roles are used in the client and not with content items, and we also needed to give them a sort of capability ring, so that you could have an Editor with Authoring and Publishing capabilities.

The customer can piece together their security roles from our standard Client roles. A typical Editor would have Authoring and Publishing while a developer would have Authoring, Configuring, Maintaining and Developing. It is important to notice that only the Security Officer should have the Securing role. Kerry has a Word document with a matrix that shows exactly which features each role controls.

There were some talks about other roles, e.g Previewing and Archiving, but we decided on simplicity and seven roles seems like an upper-limit on that.

I just finished setting up the client with these roles, and I am fairly impressed with it. The new UI really makes it easy to see what each role is about, and the combination of roles seems very powerful and easy to use.

This has always been an area where Sitecore has been lacking and it nice to see that it is finally taking shape.

4 Comments:

  • Hello,

    This seems like an excellent idea. Ive spent countless hours configuring the Sitecore client security and it seems like you always miss some settings.

    However, I also started thinking about how this would affect solutions using the LDAP-module, and came to the conclusion that it won't, which is a shame. If you use the LDAP module you would still have to spend lots of time configuring client security for every role that you add from the AD.

    A solution to this could be if you could have roles that are members of other roles, so that, for example, it would be possible to define that the "Users" role would implicitly have all the security definitions of the "Sitecore Client Authoring" and "Sitecore Client Publishing" roles. This would also alleviate some of the administrative burden associated with applying multiple roles (Sitecore client and content) to each user, instead you could create a single role that inherits all the security settings of neccessary roles.

    By Anonymous Anonymous, at 7:16 AM  

  • Hi Patrik

    Ole has actually implemented roles in roles which I think is exactly what you want.

    We just do not have any UI for it and it is not on the roadmap for 5.3 which is as you say a shame.

    Perhaps we will get a dispension and can do the UI for it.

    By Blogger JakobChristensen, at 5:33 AM  

  • Allright, I think that is exactly what I meant.

    Good to see that you are one step ahead.

    By Anonymous Anonymous, at 6:32 AM  

  • sitecore developers- do you guys keep a databse of developers as I need one in the UK , Midlands in the UK for a digital media agency.
    Any help appreciated and success rewarded!

    By Anonymous Anonymous, at 9:56 AM  

Post a Comment

<< Home