Skip to main content

Security actions

Abstract

Understanding security actions as part of Sitecore's security model.

Security actions are selected default save actions that create or edit users or roles in Sitecore’s security model.

Security actions include the following default save actions:

  • Create User

  • Edit Role Membership

  • User Login

  • User Login with Password

  • User Logout

  • Change password

Because security actions can affect user information, it is useful to have the ability to register audit information in the user profile to record what actions have been performed.

All of the security actions contain the Save Audit Information to: drop-down list, which lists the field in a user profile to which audit information can be written.

230855E276EE481C97C0151C61686858.png

By default, all rich text, html, text, memo, multi-line text, and single-line text fields can be used to register audit information. The field types in which audit information can be registered, can be configured using the WFM.AuditAllowedTypes setting in the Sitecore.Forms.config file:

<setting name="WFM.AuditAllowedTypes" value="|Rich Text|html|text|Multi-Line Text|Single-Line Text|memo|" />

All user profiles are items in the Core database in the /sitecore/System/Settings/Security/Profiles folder.

73229EB0F5574B439066333D2AFA59B1.png

The Visitor profile is used by default. Each form item has a reference to this user profile in the User Profile field.