Return to doc.sitecore.com

  Access Permissions
Prev Next
Print this page (opens in new window) Print

The most noticeable change to security is that often you don’t need to think about it – all security checks are handled implicitly by Sitecore API.   

When rendering a page, you don’t have to check whether a user can access the current item – the user will not be allowed to see the page in the first place.  

When retrieving an item or item collection you don’t need to remember to check the security: Sitecore will only return items that the current user is allowed to see.  

It is possible to temporary switch the security off to regain Sitecore V4 semantics:

using (new SecurityDisabler())
{

   Item secure = database.Items[“/sitecore/content/home/secure”];
}  

To explicitly check the security assignments there’s a helper method for each operation:

item.Access.CanRead()

item.Access.CanWrite()

...  

Note that a list of possible assignments was changed in Sitecore V5. In particular, ‘Admin’, ‘Approve’, ‘Publish’ and ‘None’ were removed. ‘Administer’ assignment controls whether a user can modify security assignments. 

Sitecore V4

Sitecore V5

Sitecore.Security, Sitecore.ExtranetSecurity

Sitecore.Context.Security


Prev Next