Return to doc.sitecore.com

  Access Permissions
Prev Next

The most noticeable change to security is that often you don’t need to think about it – all security checks are handled implicitly by Sitecore API.   

When rendering a page, you don’t have to check whether a user can access the current item – the user will not be allowed to see the page in the first place.  

When retrieving an item or item collection you don’t need to remember to check the security: Sitecore will only return items that the current user is allowed to see.  

It is possible to temporary switch the security off to regain Sitecore V4 semantics:

using (new SecurityDisabler())
{

   Item secure = database.Items[“/sitecore/content/home/secure”];
}
 

To explicitly check the security assignments there’s a helper method for each operation:

item.Access.CanRead()

item.Access.CanWrite()

...  

Note that a list of possible assignments was changed in Sitecore V5. In particular, ‘Admin’, ‘Approve’, ‘Publish’ and ‘None’ were removed. ‘Administer’ assignment controls whether a user can modify security assignments. 

Sitecore V4

Sitecore V5

Sitecore.Security, Sitecore.ExtranetSecurity

Sitecore.Context.Security


Prev Next