Return to doc.sitecore.com

Valid for Sitecore 6.x
Security Administrator's Cookbook

The Security Administrator’s Cookbook is designed to give security administrators the information they need to administer security in Sitecore. This cookbook is primarily aimed at introducing new security administrators to the tools that Sitecore contains. However, the procedures described in this document will also be beneficial for more experienced and security administrators who are unfamiliar with the tools that Sitecore contains.

Click the respective link to download the whole document for Sitecore CMS 6.0-6.6:

Table of Contents

Security in Sitecore 
    Security Accounts 
        Users and Roles 
        Access Rights 
        Inheritance 
    Security Tools
        User Manager 
        Role Manager
        Security Editor 
        Access Viewer 
        Domain Manager 
        Content Editor — Security
Creating and Managing Users 
    Creating a User in the User Manager 
    Managing a User 
        Editing a User 
        Assigning a Role to a User 
        Removing a User from a Role 
        Deleting a User
Creating and Managing Roles 
    Creating a Role in the Role Manager 
    Managing a Role 
        Assigning a User to a Role 
        Assigning a Role to a Role 
        Assigning this Role to another Role
        Deleting a Role
Assigning and Reviewing Access Rights 
    User’s, Roles, and Access Rights
    Assigning Access Rights 
        Getting an Overview of the Access Rights Assigned to a Role
        Assigning Access Rights to a Role 
        Denying a Role Access Rights to an Item 
            Explicitly Denying Access Rights to a Role 
    Using Inheritance to Control Access Rights 
        Inheritance — Granting Access Rights to an Item and Denying them to Descendents 
        Inheritance — Denying Access Rights to an Item and Granting them to Descendents 
            Access Rights Control Functionality 
    How Sitecore Evaluates Access Rights 
            Evaluating Access Rights 
            Evaluating Inheritance Settings
            Inheritance and the User’s Security Account 
    Analyzing the Security System
        The Access Rights Assigned to a Security Account 
        The Roles that a User is a Member Of 
        The Members of a Role 
        The Roles that a Role is a Member Of 
            Changing the Roles that a Security Account is a Members Of 
        The Security Accounts that have Access Rights to an Item 
            Changing the Security Accounts that have Access Rights to an Item 
    Deleting Security Accounts 
Domains 
    The Domain Manager 
        Creating a Domain 
            Assigning Security Accounts to a Domain 
        Editing a Domain 
        Deleting a Domain
Security Accounts & Passwords 
    Managing a User’s Security Account 
        Passwords 
            Assigning a Password to a New User 
            Changing Your Password 
        Forgotten Passwords 
            Getting Locked Out 
            Changing the Password of a User who has forgotten their Password
        Unlocking a User’s Security Account 
        Disabling and Enabling a User 
        Editing a User’s Security Account 
    Specifying Security Settings 
        Password Policy 
        Enabling the Forgot Your Password E-mail
Best Practices 
    Best Practices 
        Only Assign Access Rights to Roles and Not to Users 
        Don’t Make Roles Domain Specific 
        Don’t Specifically Deny Access Rights — Use Inheritance