SlideShare a Scribd company logo

Sitecore Security Overview

Download as PPTX, PDF
Randy Woods, profile picture
Randy Woods

This document provides an overview of Sitecore security concepts and interfaces. It discusses users and roles, and how access rights can be assigned to both. It also covers domains, and how security can be applied globally or locally within a domain. The document outlines how security inheritance works for content items and workflows. It describes security interfaces like the user manager, role manager, and domain manager. It also discusses planning security for features and websites, and integrating with external user repositories.

Technology
1 of 23
Downloaded 22 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
SITECORE SECURITY
Glen McInnis Vice President Nonlinear Creations Inc. glen@nonlinear.ca
01 Overview 03 User Repositories Non-Sitecore 04 Planning Security 02 Security Interfaces Administrator’s Guide toSitecore
Sitecore Security Concepts • Users. A user account in Sitecore contains details about the user name, domain, email, and password. You can (but should not) assign access rights directly to a user account. • Roles. A collection of users or a collection of users and other roles. You can use roles to assign access rights to groups of users by making them a member of a role. • Domains. a collection of security accounts (users and roles) that you can administer as a unit with common rules and procedures
Domains • Default domains: • Sitecore – contains CMS users (content authors) • Extranet – users of the published site • Default – used when no other domain can be resolved • Each domain contains an Everyone role and an Anonymous user. • Sitecore determines the domain from the context site.
Domain Scope • Global domains - users are able to access all the domains in the system. • Locally managed domains – users can only access a specific domain. A local administrator usually maintains a locally managed domain. Users that belong to a locally managed domain will only see security accounts that belong in the same domain.
Application of Security to Content Authors – Content and Workflow • Security can be set for content items by role (recommended) or user (not recommended). • Security inherits to descendant content until inheritance is broken. • Ability to act on an item is determined by the item security as well as the security set on the current workflow state.
Application of Security to Content Authors – Features • Sitecore has built in roles named “Sitecore Client *” that grant or limit access to Sitecore features. • Any content author must be a member of Sitecore Client Authoring • Sitecore “administrator” should be granted sparingly.
Security and Website Visitors • Visitors to the website are in the “extranet” domain. If users are not logged in they are “extranetanonymous”. • Any security applied to content items will affect the availability and visibility of content on the site for visitors. • This allows for the creation of secure content. Common scenarios are member’s only or premium paid content as well as general portal functionality.
ADMINISTRATOR’S GUIDE TO SITECORE SECURITY INTERFACES
User Manager
Role Manager
Domain Manager *
Security Editor
Access Viewer
NON-SITECORE USER REPOSITORIES
Authenticating with other User Directories • Sitecore implements the ASP.NET security provider model. You can roll your own implementation to connect to your source. • Active Directory Module is supported by Sitecore. Various others exist on the Sitecore Marketplace.
Common User Repositories • Active Directory, ADFS • CRM: Dynamics, Salesforce • AMS: Personify, Aptify • Ecommerce: Insite, Commerce Server
PLANNING SECURITY
Sitecore Security • Interaction between item security, inheritance and workflow security requires consideration during site IA planning. • Item A • Item B • Item C
Sitecore Feature Access • Decide which users can access features. There are over 35 built in roles, but start with basics. • Publication: Sitecore Client Publishing • Translation: Sitecore Client Translation • Security: Sitecore Client Security, Sitecore Account Managing Multisite Tip: Role membership is a user settings – there it their permission in all sites.
THANK YOU Questions? Glen McInnis glen@nonlinear.ca
Contact Us LOCATIONS TORONTO 49 Spadina Avenue Suite201 Toronto, ON M5V 2J1 +1 416 203 2997 NYC 445 BroadHollowRd. Suite25 Melville,NY 11747 +1 631 870 0317 SÃO PAULO Rua Fidalga, 593/603 Suite 16 São Paulo, SP Brazil 05432-070 +55 11 3825 3843 FLORIANÓPOLIS RuaIguaçu, 73 Florianópolis,SC Brazil 88045-610 +55 48 4062 1301 +55 41 4063 9149 OTTAWA 987AWellingtonSt. Suite 201 Ottawa,ON K1Y 2Y1 +1 613 241 2067 +1 877 654 0328

More Related Content

PDF
What's new in Sitecore 9.3
Pieter Brinkman
 
PPTX
Understanding the Sitecore Architecture
Pieter Brinkman
 
PPTX
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
PPTX
CTU June 2011 - Windows Azure App Fabric
Spiffy
 
PPTX
Introduction to Windows Azure AppFabric Applications
Neil Mackenzie
 
PPTX
Windows Azure AppFabric
David Chou
 
PPTX
Securing an Azure Function REST API with Azure Active Directory
Rick van den Bosch
 
PPTX
2 Speed IT powered by Microsoft Azure and Minecraft
Sriram Hariharan
 
What's new in Sitecore 9.3
Pieter Brinkman
 
Understanding the Sitecore Architecture
Pieter Brinkman
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
CTU June 2011 - Windows Azure App Fabric
Spiffy
 
Introduction to Windows Azure AppFabric Applications
Neil Mackenzie
 
Windows Azure AppFabric
David Chou
 
Securing an Azure Function REST API with Azure Active Directory
Rick van den Bosch
 
2 Speed IT powered by Microsoft Azure and Minecraft
Sriram Hariharan
 

What's hot (20)

PPT
I Planet Overview
rogerkellerman
 
PPTX
Iplanet
Roshan Karunarathna
 
PDF
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2
 
PPTX
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
PPTX
Azure Saturday: External Collaboration With Azure AD B2B
Sjoukje Zaal
 
PDF
Azure API Manegement Introduction and Integeration with BizTalk
Shailesh Dwivedi
 
PPTX
DevSum: Azure AD B2C Application security made easy
Sjoukje Zaal
 
PPTX
Identity Management in SharePoint 2013
SPC Adriatics
 
PPTX
Iam
Microsoft Norge AS
 
PPTX
Real-time web applications using SharePoint, SignalR and Azure Service Bus
Dinusha Kumarasiri
 
PPTX
Dear Azure: External collaboration with Azure AD B2B
Sjoukje Zaal
 
PPTX
SUG Bangalore - Kick Off Session
Anindita Bhattacharya
 
PDF
WSO2 Quarterly Technical Update
WSO2
 
PDF
Introduction to share point 2010 development
Eric Shupps
 
PPTX
ELEKS DevTalks #4: Amazon Web Services Crash Course
Yuriy Guts
 
PPTX
OFM AIA FP Implementation View and Case Study
Sreenivasa Setty
 
PPTX
Why Upgrade to v8.6?
BillCavaUs
 
PDF
Delivering the Promise of SOA - Enterprise Integration Made Easy
WSO2
 
PPTX
Cloud Dev with Azure Functions - DogFoodCon 2018 - Brian T Jackett
Brian T. Jackett
 
PPTX
What's new in Ektron v8.6 for Developers
BillCavaUs
 
I Planet Overview
rogerkellerman
 
Iplanet
Roshan Karunarathna
 
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2
 
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
Azure Saturday: External Collaboration With Azure AD B2B
Sjoukje Zaal
 
Azure API Manegement Introduction and Integeration with BizTalk
Shailesh Dwivedi
 
DevSum: Azure AD B2C Application security made easy
Sjoukje Zaal
 
Identity Management in SharePoint 2013
SPC Adriatics
 
Iam
Microsoft Norge AS
 
Real-time web applications using SharePoint, SignalR and Azure Service Bus
Dinusha Kumarasiri
 
Dear Azure: External collaboration with Azure AD B2B
Sjoukje Zaal
 
SUG Bangalore - Kick Off Session
Anindita Bhattacharya
 
WSO2 Quarterly Technical Update
WSO2
 
Introduction to share point 2010 development
Eric Shupps
 
ELEKS DevTalks #4: Amazon Web Services Crash Course
Yuriy Guts
 
OFM AIA FP Implementation View and Case Study
Sreenivasa Setty
 
Why Upgrade to v8.6?
BillCavaUs
 
Delivering the Promise of SOA - Enterprise Integration Made Easy
WSO2
 
Cloud Dev with Azure Functions - DogFoodCon 2018 - Brian T Jackett
Brian T. Jackett
 
What's new in Ektron v8.6 for Developers
BillCavaUs
 
Ad

Similar to Sitecore Security Overview (20)

PPTX
Mastering Sitecore Users Roles and Security: A Beginner's Guide to Streamline...
Akshay Barve
 
PPTX
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
PDF
An Intro to Sitecore 9 & GDPR Compliancy
Sagittarius
 
PPTX
Thoughts on Defensive Development for Sitecore
PINT Inc
 
PDF
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
Brian Culver
 
PDF
Johannes Zijlstra - Sitecore 9 and GDPR
Sagittarius
 
PPTX
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
PPTX
Introduction to sitecore identity
Gopikrishna Gujjula
 
PPTX
Best practices for security and governance in share point 2013 published
AntonioMaio2
 
PPTX
Hacking_SharePoint_FINAL
Ian Naumenko, CISSP, CRISC
 
PPTX
Keeping hackers out release to public
Bas Lijten
 
PDF
SharePoint Team Site Permissions #Share4Biz
Veronique Palmer
 
PPTX
What’s your Social IQ? Succeeding with SharePoint Social by Chris McNulty - S...
SPTechCon
 
PDF
Virtual Office Hours- A SharePoint Discussion for Nonprofits.pdf
TechSoup
 
PPTX
#spsuk: Understanding the Office 365 Architecture
pearce.alex
 
PPTX
Permissions designed to scale
Jamie Aliperti
 
PPT
sharepoint.microsoft.com
webhostingguy
 
PPTX
Sitecore9 key features by jitendra soni - Presented in Sitecore User Group UK
Jitendra Soni
 
PPTX
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
PDF
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
Liam Cleary [MVP]
 
Mastering Sitecore Users Roles and Security: A Beginner's Guide to Streamline...
Akshay Barve
 
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
An Intro to Sitecore 9 & GDPR Compliancy
Sagittarius
 
Thoughts on Defensive Development for Sitecore
PINT Inc
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
Brian Culver
 
Johannes Zijlstra - Sitecore 9 and GDPR
Sagittarius
 
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
Introduction to sitecore identity
Gopikrishna Gujjula
 
Best practices for security and governance in share point 2013 published
AntonioMaio2
 
Hacking_SharePoint_FINAL
Ian Naumenko, CISSP, CRISC
 
Keeping hackers out release to public
Bas Lijten
 
SharePoint Team Site Permissions #Share4Biz
Veronique Palmer
 
What’s your Social IQ? Succeeding with SharePoint Social by Chris McNulty - S...
SPTechCon
 
Virtual Office Hours- A SharePoint Discussion for Nonprofits.pdf
TechSoup
 
#spsuk: Understanding the Office 365 Architecture
pearce.alex
 
Permissions designed to scale
Jamie Aliperti
 
sharepoint.microsoft.com
webhostingguy
 
Sitecore9 key features by jitendra soni - Presented in Sitecore User Group UK
Jitendra Soni
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
Vasiliy Fomichev
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
Liam Cleary [MVP]
 
Ad

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
KodekX | Application Modernization Development
KodekX
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
A Presentation on Artificial Intelligence
memembruh336
 
Encapsulation theory and applications.pdf
gurumoop
 

Sitecore Security Overview

  • 2. Glen McInnis Vice President Nonlinear Creations Inc. glen@nonlinear.ca
  • 3. 01 Overview 03 User Repositories Non-Sitecore 04 Planning Security 02 Security Interfaces Administrator’s Guide toSitecore
  • 4. Sitecore Security Concepts • Users. A user account in Sitecore contains details about the user name, domain, email, and password. You can (but should not) assign access rights directly to a user account. • Roles. A collection of users or a collection of users and other roles. You can use roles to assign access rights to groups of users by making them a member of a role. • Domains. a collection of security accounts (users and roles) that you can administer as a unit with common rules and procedures
  • 5. Domains • Default domains: • Sitecore – contains CMS users (content authors) • Extranet – users of the published site • Default – used when no other domain can be resolved • Each domain contains an Everyone role and an Anonymous user. • Sitecore determines the domain from the context site.
  • 6. Domain Scope • Global domains - users are able to access all the domains in the system. • Locally managed domains – users can only access a specific domain. A local administrator usually maintains a locally managed domain. Users that belong to a locally managed domain will only see security accounts that belong in the same domain.
  • 7. Application of Security to Content Authors – Content and Workflow • Security can be set for content items by role (recommended) or user (not recommended). • Security inherits to descendant content until inheritance is broken. • Ability to act on an item is determined by the item security as well as the security set on the current workflow state.
  • 8. Application of Security to Content Authors – Features • Sitecore has built in roles named “Sitecore Client *” that grant or limit access to Sitecore features. • Any content author must be a member of Sitecore Client Authoring • Sitecore “administrator” should be granted sparingly.
  • 9. Security and Website Visitors • Visitors to the website are in the “extranet” domain. If users are not logged in they are “extranetanonymous”. • Any security applied to content items will affect the availability and visibility of content on the site for visitors. • This allows for the creation of secure content. Common scenarios are member’s only or premium paid content as well as general portal functionality.
  • 10. ADMINISTRATOR’S GUIDE TO SITECORE SECURITY INTERFACES
  • 17. Authenticating with other User Directories • Sitecore implements the ASP.NET security provider model. You can roll your own implementation to connect to your source. • Active Directory Module is supported by Sitecore. Various others exist on the Sitecore Marketplace.
  • 18. Common User Repositories • Active Directory, ADFS • CRM: Dynamics, Salesforce • AMS: Personify, Aptify • Ecommerce: Insite, Commerce Server
  • 20. Sitecore Security • Interaction between item security, inheritance and workflow security requires consideration during site IA planning. • Item A • Item B • Item C
  • 21. Sitecore Feature Access • Decide which users can access features. There are over 35 built in roles, but start with basics. • Publication: Sitecore Client Publishing • Translation: Sitecore Client Translation • Security: Sitecore Client Security, Sitecore Account Managing Multisite Tip: Role membership is a user settings – there it their permission in all sites.
  • 23. Contact Us LOCATIONS TORONTO 49 Spadina Avenue Suite201 Toronto, ON M5V 2J1 +1 416 203 2997 NYC 445 BroadHollowRd. Suite25 Melville,NY 11747 +1 631 870 0317 SÃO PAULO Rua Fidalga, 593/603 Suite 16 São Paulo, SP Brazil 05432-070 +55 11 3825 3843 FLORIANÓPOLIS RuaIguaçu, 73 Florianópolis,SC Brazil 88045-610 +55 48 4062 1301 +55 41 4063 9149 OTTAWA 987AWellingtonSt. Suite 201 Ottawa,ON K1Y 2Y1 +1 613 241 2067 +1 877 654 0328

Editor's Notes

  • #4: If there are fewer items – center the agenda vertically