Security Guidelines for Users and Roles

Sitecore recommended practices for security (users and roles):

  • Break inheritance rather than explicitly deny access rights.
  • Apply security to roles rather than users.
  • Limit access to the parts of the content tree that are relevant to the user that is logged into the system.
  • Limit access to the ribbon items by disabling features that are not relevant to individual users.
  • No users should have empty or obvious passwords.
  • Use the profile setting of the user properties to specify that a user should always use a certain interface no matter what interface they select in the login screen.
  • Make sure that users belong to only the required Sitecore Client roles.
  • Administrator user accounts should only be used to perform administrator tasks (mainly unlocking other user’s items).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>