Access Management or Security Tools

The Access Management or Security Tools are an important module of Sitecore. It helps handle access rights for users, their roles, and domains using Security Editor. This module focuses on tools like User Manager, Security Editor, Access Viewer, Domain Manager, and Role Manager.

Sitecore gives website administrators a lot of control over what users can see on the site. It does this by using:

User accounts and roles for security, setting access rights for different items, following rules to sort out any conflicts in access rights.

Domain Manager

Domain Manager is a tool for creating and managing domains. With the help of Domain Manager, we can:

? Create, edit and delete domains.

? Decide if the domains should be global or managed locally.

? Access other security tools from within the Domain Manager.

This is the master page that manages the domain but is used when creating a user. A Sitecore domain is a collection of security accounts (users and roles) that you can administer as a unit with common rules and procedures. A domain is used to collect security accounts that have some logical relationship, for example, all the accounts that have access to use the Sitecore clients could be stored in the Sitecore domain, whereas all the accounts with access to the published website could be stored in the Extranet domain.

Sitecore has three default domains:

1. Extranet: Handles website security, user accounts for website visitors, and read access roles for website content. Users in Extranet may also access Sitecore if they belong to relevant roles like Sitecore Client Authoring.

2. Sitecore: An internal domain for Sitecore clients, containing users with access to client tools and roles that determine available functionalities. Users in Sitecore may edit the website content if granted access rights and potentially access Extranet based on domain and login page setup.

3. Default: A virtual domain existing only in memory. Typically, set as Extranet, it assigns most users to extranet\anonymous. If not specified, users default to default\anonymous.

All domains include an Anonymous user and an Everyone role, with Everyone encompassing all users and the Anonymous user in the domain. While users usually belong to roles within their domain, they can be in roles across domains, and roles can span multiple domains.

Domain Types:

? Global domains: Users can access all system domains based on configuration by the security architect.

? Locally managed domains: Users are limited to a specific domain and cannot access others. A local administrator maintains these domains, and users within a locally managed domain only see accounts within that domain.

User Manager

The User Manager allows you to create and manage users who can access your system. With the User Manager, you can:

? Create, edit, and delete users

? Change user passwords

? Enable and disable users

? Lock and unlock users

? Access other security tools

? Reset settings

? Role Manager, Domain Manager, Access Viewer, Security Editor

1. New: This allows you to create a new user by providing necessary details such as username, email, password, etc.

To make a new user, click the "New" button at the top left. You'll need to fill in the required fields: User name, Domain, Email, Password, and Confirm Password.

Now click Next button

User has been successfully created.

2. Edit User: You can modify the details of an existing user, such as their username, email, or associated roles, profile, and language settings. To edit a user you've selected, click the "Edit" button located at the top left.

3. Delete: This option allows you to permanently remove a user from the system.

4. Change password: Enables you to update a user's password. You'll typically need to provide the old password along with the new one. To change your password, type in your old password, your new password, and confirm the new password. Then, click "OK." Your password will be updated. If you don't know the old password, you can create a new password by generating a random one using the "Generate" button.

5. Reset Settings: Resets the user's settings to their default values.

6. Disable: Temporarily disables a user's account, preventing them from logging in until re-enabled.

7. Enable: Re-enables a previously disabled user account, allowing them to log in again.

8. Unlock: Unlocks a user's account if it has been locked due to multiple failed login attempts.

9. Lock: Locks a user's account, preventing further login attempts. This could be useful for security reasons or during investigations.

10. Role Manager: This option allows you to manage roles, which define the permissions and access levels granted to users.

11. Domain Manager: You can manage domains, which are logical groupings of users and roles with shared access rights, using this option.

12. Access Viewer: Enables viewing of access rights for users and roles.

13. Security Editor: Provides tools for editing security settings and permissions.

Role Manager

The Role Manager allows you to create and manage roles assigned to your security accounts (users and roles). With the Role Manager, you can:

? Create and delete roles.

? Add or remove users and roles as members of a role.

? Access other security tools.

The Role Manager in Sitecore is a tool used for managing user roles within the system. In Sitecore , roles serve as the master architects, outlining permission blueprints. They determine access, ensuring your website content remains structured and protected. Instead of individually managing each person, roles group users according to their roles. Editors, admins, marketers—all receive access tailored to their responsibilities.

The Sitecore roles you listed serve various purposes and grant different levels of access and permissions within the Sitecore platform:

1. sitecore\Author: Allows users to create and edit content items.

2. sitecore\Designer: Grants access to design features within the Sitecore Client, allowing users to create and modify templates, layouts, and other design elements.

3. sitecore\Developer: Provides access to development tools and features within Sitecore, such as the Developer Center and debugging tools.

4. sitecore\Forms Data Administrator: Enables management of data for Sitecore Forms.

5. sitecore\Forms Editor: Allows editing and management of Sitecore Forms.

6. sitecore\Forms Publisher: Grants publishing permissions for Sitecore Forms.

7. sitecore\JSS Import Service Users: Used by the Sitecore JavaScript Services (JSS) to import data.

8. sitecore\PowerShell Extensions Remoting: Provides remote access for PowerShell Extensions.

9. sitecore\Sitecore Client Account Managing: Allows management of Sitecore client accounts.

10. sitecore\Sitecore Client Advanced Publishing: Grants advanced publishing capabilities within the Sitecore Client.

11. sitecore\Sitecore Client Authoring: Provides access to content authoring features within the Sitecore Client.

12. sitecore\Sitecore Client Bucket Management: Enables management of bucketed items within the Sitecore Client.

13. sitecore\Sitecore Client Configuring: Allows configuration tasks within the Sitecore Client.

14. sitecore\Sitecore Client Designing: Grants access to design features within the Sitecore Client.

15. sitecore\Sitecore Client Developing: Provides access to development tools and features within the Sitecore Client.

16. sitecore\Sitecore Client Maintaining: Allows maintenance tasks within the Sitecore Client.

17. sitecore\Sitecore Client Publishing: Grants publishing permissions within the Sitecore Client.

18. sitecore\Sitecore Client Securing: Enables security configuration within the Sitecore Client.

19. sitecore\Sitecore Client Translating: Allows translation tasks within the Sitecore Client.

20. sitecore\Sitecore Client Users: Provides access to the Sitecore Client for regular users.

21. sitecore\Sitecore Limited Content Editor: Limits content editing capabilities within the Sitecore Client.

22. sitecore\Sitecore Limited Page Editor: Limits page editing capabilities within the Sitecore Client.

23. sitecore\Sitecore Local Administrators: Grants local administrative permissions within Sitecore.

24. sitecore\Sitecore Minimal Page Editor: Provides minimal page editing capabilities within the Sitecore Client.

Each role serves a specific purpose and grants appropriate access and permissions to users based on their responsibilities within the Sitecore environment.

Here's a breakdown of its functionalities:

1. New: This option allows you to create a new role within Sitecore. You can define the name, description, and other properties of the role.

2. Delete: Enables you to remove an existing role from the system.

3. Member: This option allows you to add users to a role, assigning them the permissions and access rights associated with that role.

4. Member of: Shows you the roles to which a particular user belongs. It provides visibility into a user's role memberships.

5. Domains: Allows you to specify the domain or scope within which the role operates. Domains define the context in which roles and users exist.

6. Users: Provides a list of users who are members of the selected role. It allows for easy management and overview of role memberships.

7. Access Viewer: This feature enables you to view the access rights and permissions associated with a particular role. It helps in understanding the level of access granted to users within the role

8. Security Editor: The Security Editor within Role Manager allows for fine-tuning of security settings and permissions associated with a role. It provides granular control over access rights, allowing administrators to customize security configurations according to their requirements

Access Viewer

The Access Viewer allows you to review the access rights assigned to your security accounts.

In the Access Viewer, you can:

? Review the access rights assigned to security accounts for each item in the content tree.

? Understand how the current settings have been resolved.

? Access the Security Editor and the User Manager for further management.

The Access Viewer in Sitecore provides several options for managing access rights:

3. Account: This option allows you to select a specific user account or role to view their access rights.

4. Role and Users: Enables you to toggle between viewing access rights for roles and individual users.

5. Assign: Allows you to assign specific access rights to the selected user account or role.

6. Columns: Provides options to customize the display of access rights columns, allowing you to choose which columns to display.

7. Security Editor: This option allows you to access the Security Editor directly from the Access Viewer. The Security Editor is used for more detailed management of access rights.

8. User Manager: Similarly, you can access the User Manager directly from the Access Viewer. The User Manager is used for managing user accounts and their associated roles and permissions.

Security Editor

The Security Editor allows you to set the access rights for roles and users on items in the content tree.

In the Security Editor, you can:

? Assign access rights to your security accounts.

? Protect and unprotect items.

? Access the Access Viewer and the User Manager for further management.

The options in the Security Editor serve various purposes for managing security settings:

1. Account: This option likely refers to the ability to manage user accounts within the Security Editor, allowing you to view and modify user-specific security settings.

2. Role and Users: This option allows you to manage both roles and individual users, granting or revoking access rights as needed.

3. Assign: The Assign option likely enables you to assign specific access rights to roles or users for selected items in the content tree.

4. Columns: This option likely allows you to customize the columns displayed in the Security Editor, providing flexibility in how security information is presented.

5. Protect Item: This functionality allows you to mark certain items as protected, which restricts modifications or access to those items by unauthorized users.

6. Presets: Presets may refer to predefined sets of security settings or permissions that can be applied to items or areas within the content tree, streamlining the security configuration process.

7. Access Viewer: This option likely provides a quick way to access the Access Viewer tool, allowing you to review the access rights assigned to security accounts for specific items or areas within the content tree.

8. User Manager: This feature allows you to access the User Manager tool directly from the Security Editor interface, facilitating management of user accounts and permissions in conjunction with security settings.