How To Clone A Security Role In Sitecore

Cloning A Security Role In Sitecore

Let's face it, at some point in your Sitecore career you will be asked to "clone" a security role. And by that, I mean creating a new group with the same memberships as another.

This might not seem like much and in most cases, you can do this with a few clicks. What if the role you're "cloning" has 30+ memberships as you are utilizing AD role integration? Uh yeah, no thank you. It'd be a tedious process and we don't have the time for that.

Steps To Clone A Security Role

So out-of-the-box Sitecore does not have any method for cloning which is unfortunate but this method I've found to make it easier. I should note, that before doing any of these changes I fully recommend taking a snapshot/package of your existing security roles prior to doing the change.

Step 1

Create the new role you want. It's important to have the role in the system before proceeding.

Step 2

Open up the Role Manager, and on the right side click Serialize All Roles. This will store all the roles, in text files, under \App_Data\serialization\security.

Step 3

If you open up one of these roles, you'll see two pieces of data. The name and the rolename. The name pertains to the role you're looking at. And rolename is the member of that role.

----role----
name: sitecore\Sitecore Client Users

----role-in-role----
rolename: sitecore\Analytics Content Profiling

----role-in-role----
rolename: sitecore\Analytics Maintaining

----role-in-role----
rolename: sitecore\Analytics Personalization

----role-in-role----
rolename: sitecore\Analytics Reporting

----role-in-role----
rolename: sitecore\Analytics Testing

It's important to understand that the membership for what a role is a part of is not stored in that custom group but rather as a member of the role it's in. Feels a bit backwards we know, but that's how it's done.

For example. If you have a custom role that's a member of 20 other roles, if you were to open up that custom role you won't see anything listed other than the name. You have to open up each role it's a member of to see it listed, which is why cloning is such a pain.

Step 4

So how does cloning work? Good old search and replace. For example, if the role you are cloning is called sitecore\Custom Role A and the role you created in Step 1 is called sitecore\Custom Role B you're going to do a search and replace it in files. Tools like Notepad ++ and VS Code have this capability.

Search for:

----role-in-role----
rolename: sitecore\Custom Role A

Replace within files:

----role-in-role----
rolename: sitecore\Custom Role A

----role-in-role----
rolename: sitecore\Custom Role B

This will add Custom Role B to all the security roles that Custom Role A is a member of.

Now we just need to get it back into Sitecore.

Step 5

Open up Role Manager again and this time click Revert All Roles. It will prompt you what the import will do.

Once the process is done, open up the membership of your new role and you should see all the roles it's a member of listed.