Return to doc.sitecore.com

Valid for Sitecore 5.3, 5.2, 5.1.1
4.  Security Classes
Prev Next

The Sitecore Security Model defines which Users have access rights to content and infrastructure Items managed by Sitecore.  The Sitecore.SecurityModel namespace includes a number of classes that simplify using the model.

Use the ItemAccess class, available via the Item.Access member, to check whether the current User has specific access rights for a specific Item.  Use the SecuritySwitcher class to impersonate another User and assume their access rights.  The UserItem and RoleItem classes encapsulate the User and Role Items in a Sitecore Domain.

4.1.  Sitecore.SecurityModel.ItemAccess

The ItemAccess class, available via the Item.Access member, includes a number of member functions which calculate whether the current user has been assigned a specific access right for a specific Item.  The methods check all appropriate settings, including the roles the User has been assigned, access right inheritance, Workflow settings, and Item Locking.

The commonly used class members include:

CanAdd

Returns true if the current User has appropriate access rights to create a new Item based on the provided Master or Template ID.

CanAdmin

Returns true if the current User has the appropriate access rights to change the access rights of the current Item.

CanCopyTo

Returns true if the current User has the appropriate access rights to copy the current Item to the given destination (the User must have Read access rights for the current Item and Create access rights for the destination Item).

CanCreate

Returns true if the current User has the appropriate access rights to create children under the current Item.

CanDelete

Returns true if the current User has the appropriate access rights to delete the current Item.

CanDuplicate

Returns true if the current User has the appropriate access rights to create a duplicate copy of the current Item (the User must have Read access rights for the current Item and Create access rights on the Item’s parent).

CanMoveTo

Returns true if the current User has the appropriate access rights to move the Item to the provided destination Item (the User must have Read and Delete access rights on the current Item and Create access rights on the destination Item).

CanRead

Returns true if the current User has the appropriate access rights to read the Item.

CanRename

Returns true if the current User has the appropriate access rights to rename the Item.

CanWrite

Returns true if the current User has the appropriate access rights to modify the contents of the Item.

4.2.  Sitecore.SecurityModel.RoleItem

The RoleItem represents a Role.

4.3.  Sitecore.SecurityModel.SecuritySwitcher

Temporarily impersonates the User provided as a parameter to the constructor.

4.4.  Sitecore.SecurityModel.UserItem

The UserItem class represents a User.  The class contains a number of members which describe the User.

The commonly used class members include:

ClientLanguage

The default Sitecore Client language for this User as an ISO code string.

ContentLanguage

The default language to display in the Content Editor for this User as an ISO code string.

Email

The User’s Email address.

Fullname

The User’s full name.

IsAdministrator

True if this user is an Administrator.

LoginName

The name the User must provide to access the system.

Roles

The Roles associated with this User as a Sitecore.SecurityModel.RolesField.


Prev Next