
Setting Up SXA Role Security


One step every administrator should take after setting up an SXA site is to determine the security and roles needed. In a typical site, this would involve identifying users and applying the appropriate Sitecore roles, for example Sitecore Author.

In the case of a Sitecore SXA site, this involves setting up the Tenant role security along with the Site role security.

It's important to do this at the beginning, because the appropriate Home, Data, and Media nodes and all subsequent content will inherit this security.

Role Domain

Before we can set up the security roles, we need to determine whether they will exist within the sitecore domain or in another domain entirely. We do this using the Domain Manager. A separate domain is particularly useful when you are hosting multiple sites with different groups of people authoring them independently.

Domain Manager in the menu in Sitecore.

We can then create new domains and edit existing ones to suit our needs.

Domain Manager window in Sitecore.

Tenant Security

Once we have determined the appropriate domain for the roles to exist in, we can proceed with creating the security for both the Tenant and the Site.

Setting up the Tenant involves right-clicking on the Tenant node and selecting Setup Security as shown below.

Set up security menu.

After selecting the domain we want to use, we're presented with the role breakdown and the name of each role. My recommendation is to use the predefined roles.

Sitecore tenant security roles modal.

Site Security

Similar to how the Tenant roles were set up, we right-click on the Site node and under Scripts select Setup Security. The Tenant security has to be set up first; otherwise we will be prompted to do so.

Sitecore site security roles modal.

Roles

The roles differ in what an Admin, Author, Designer, and Member have write access to. I've summarized the differences below.

  • Admin - write access to either the Tenant or Site, including the Settings folder, which no other role has access to.
  • Designer - write access to the media and presentation areas, but not to the content of the site itself.
  • Author - write access to the content, media, data and presentation areas.
  • Member - write access to appropriate media folders.

The full breakdown of what each role has read/write access to can be found here.
