管理 Sitecore 6.4 克隆的安全性

发布于 2024-10-29 18:35:20 字数 433 浏览 4 评论 0原文

我有两种类型的网站。第一个是数据站点,包含大量项目,并集中更新。第二个是第一个的克隆,本地管理员可以对其进行修改以反映本地需求。

我希望我的本地管理员能够批准从数据站点推送的更改,但不能访问任何安全工具(对所有站点进行集中管理)。因此,我为我的数据站点分配了角色,为我的克隆站点分配了不同的角色。我的本地站点管理员应该只有数据站点的读取访问权限。

问题是,虽然我已经删除了本地管理员对安全工具的访问权限,但如果他们克隆的数据站点项目之一的项目安全性发生更改,那么这将作为他们可以审查的更改推送给他们/接受/拒绝。我的本地管理员没有对本地克隆站点的“管理”访问权限,因此他们不应该能够执行此操作。但是,他们可以接受更改,在这种情况下,他们的克隆现在将具有与其克隆的项目相同的访问设置。这实际上意味着我的本地管理员现在只有对克隆的只读访问权限。

有什么方法可以关闭此功能,同时仍然允许本地管理员接受内容更改?

I have 2 types of site. The first is a data site, containing lots of items, updated centrally. The 2nd is a clone of the first, which can be modified by local admin to reflect local needs.

I want my local admin to be able to approve changes pushed through from the data site, but not to have access to any security tools (managed centrally for all sites). So I have roles for my data site and different roles for my cloned sites. My local site admins should only have read acess to the data site.

The problem is, that though I've removed access to security tools for my local admins, if there is a change to item security for one of the data site items they've cloned then this is pushed to them as a change they can review/accept/reject. My local admins don't have "administrate" access to the local clone site so they shouldn't be able to do this. However, they can accept the change, in which case their clone will now have the same access settings as the item it was cloned from. This actually means that my local admin now only has read-only access to the clone.

Is there any way to turn this off, while still allowing local admins to accept content changes?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

清旖 2024-11-05 18:35:20

回答我自己的问题

有人建议我将此报告为错误。无权设置安全性的用户不应能够批准或拒绝对安全性的更改,因此我将获得支持票证。

我确实有一个用于我自己的实现的解决方法

所有安全设置都基于继承,没有明确禁止任何操作。要获得对权限的访问权限,必须明确向用户/角色授予该权限或从内容树中较高的项目继承该权限。如果我将克隆站点和源站点在树中下移一个级别,为每个站点创建一个文件夹,那么我可以在源项目的文件夹上设置安全性,但覆盖克隆站点的主项目的安全性(源的主项目)站点永远不会有要覆盖的显式安全设置。

编辑:收到支持人员的回复。他们认为这是“预期行为”:

“克隆”是“主”项和“从”项之间的一种特殊关系,比“代理”项更有信心。

在我看来,这是安全配置的一个相当大的限制,并且与 Sitecore 安全架构的其余部分直接冲突。

Answering my own question

I've been recommended to report this as a bug. A user that has no access to set security shouldn't be able to approve or reject changes to security, so I'll get a support ticket.

I do have a workaround for my own implementation:

All security settings are based on inheritance, no actions are explicitly forbidden. To gain access to a right a user/role must be granted it explicitly or inherit it from an item higher up the content tree. If I move both clone and source sites down a level in the tree, creating a folder for each, then I can set security on the folder of the source items but overwriting security on the home item of the clone site the home item of the source site will never have explicit security settings to overwrite.

EDIT: Heard back from support. They consider this "Expected behaviour":

"Clone" is a special relation between "master" item and "slave" items that allows more confidence than "Proxy" one does.

That's quite a big restriction in security configuration imo, and is in direct conflict with the rest of the Sitecore security architecture.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文