Viewing and clearing all user specific permissions in Sitecore

3
votes

We are cleaning up the permissions in our Sitecore instance and we are running in to users that were granted specific access over the years. Now I would like to put all of our permissions in to roles and only grant rights via roles.

Is there a way to see the rights specifically assigned to a user? We have a small enough number of users that I could fix this manually, but the security viewer shows the cumulative permissions from user rights and role rights.

3
sitecoresitecore6
This is an interesting question. You could probably write a query to check for a specific user ID in the __Security field. I'll go try this...Bryan

3 Answers

4
votes

The query idea actually worked. So you can use Xpath Builder (in Dev Center) for this. It will be a little slow, but gives you the items:

/sitecore/content/myRoot//*[contains(@__Security,'username')]

2
votes

Josh, I just released a little script that should help you get moving on this. This script will show you all values of the __security field and allow you to reset them all. You will need to modify to reset for a specific user.

http://seankearney.com/post/Sitecore-Security-Report-and-Reset.aspx

1
votes

Figured I would throw this out there after some testing with Rocks.

You can report on security from Sitecore Rocks (as mentioned in my comment to Bryan):

select @@ID as ID, @@Name as Name, @@Path as Path, @__Security from /sitecore/content/home//*[contains(@__Security,'xxxx')];

You can also reset the security field with a query too!

update set @__Security = "" from /sitecore/content/home//*[contains(@__Security,'xxxx')];