Sitecore 8 Admin role: Lock access

0
votes

I have two users say: Messi and Ronaldo. Both have the sitecore Admin roles. I was just playing around with them and got to see that Messi can override Ronaldo's actions on a certain item. Is this because both are admin roles and have the right to override any access to any item in sitecore ?

That is, if Ronaldo has locked an item in sitecore content tree then Messi can change-publish-relock the same item!! The message "Ronaldo has locked this item" is just a note.

Is this behavior correct (sitecore inbuilt)? where can we observe the code that is responsible for such behavior?

This is not the case with a user with Author role trying to override Admin locks.The author is displayed with the message "You cannot edit this item because 'Admin' has locked it."

All suggestions accepted.

2
lockingsitecorerolessitecore7sitecore8
Admin user can do everything in Sitecore. Admin users should not be used for editing content.Marek Musielak
Yea. This is the reason they are admins. Thank you. Just wanted to confirm this. Also, where can i see this code as i need to apply same for a custom role ?Prathamesh dhanawade
From what I know, you can't access or change this code. This is built in Sitecore functionality.Marek Musielak
Alright. I dont want to change any code...just refer it and reuse for my custom role.Prathamesh dhanawade
Just you download a copy of dotPeek and start digging. It's exactly the same thing that any of us will be doing for you essentially.jammykam

2 Answers

2
votes

As mentioned in the comments, Sitecore Administrators can do anything. That's not because they have unlimited access set up, but because when someone is an administrator the entire access will be ignored (similar to using a SecurityDisabler() in code).
That's a big difference, it means that even when denying access rights to someone in the administrator role that will be ignored.

Again, as mentioned in the comments, this includes things such as locking, but also workflow - normally when something is in the final state of a workflow Sitecore will make sure to create a new version when you start editing. This will not happen with an administrator - they will just edit the final version.

Needless to say, this is not recommended practice (for editors), instead you should create a new role (or multiple new roles) to set up the correct access rights.

1
votes

I also observed the same behaviour, that if 2 admins are trying to access the same item, irrespective of their workflow state, the version remains the same.

But is there any other Out-of-the-Box feature or setting that could allow for versions to be created if the item is in the final state, irrespective of who edits the item.

Egds, Manu