views:

23

answers:

2

I am having trouble with setting the secutrity rights for the Media Library of one of our customers. For the "Sitecore Client Authoring" role I have specifed that it has only read access for the entire Media Library. I needed to "unprotect" items to do this but the Access Viewer tells I have succeeded. Subsequently I wanted to specify access rights for a custom role. That custom role is a member of the following roles:

  • sitecore\Sitecore Client Forms Author
  • sitecore\Sitecore Client AccountManaging
  • sitecore\Sitecore ClientAuthoring
  • sitecore\Author
  • sitecore\Sitecore Marketeer Form Author

The problem is that the Access Viewer keeps telling me (when I look at the access rights for that custom role) that my custom role has write rights on Directory A because the sitecore\Sitecore Client Authoring account has been granted the 'item:write' access right for the '/sitecore/media library' item. When I look at the sitecore\Sitecore Client Authoring role in the Access Viewer the system tells me a different story. There the sitecore\Sitecore Client Authoring role only has read rights.

This is the basic structure of the Media Library for this customer.

Media Library

  • Files

    • Directory A
    • Directory B
    • Directory C etc.
  • Images

    • Directory A'
    • Directory B'
    • Directory C' etc.

Any idea why the write access rights are granted to my custom role?

+2  A: 

Try iisreset and take a look at Access Viewer again. Does it reflect the situation correctly now?

It seems there was an issue in some older versions of SC 6.X.

Yan Sklyarenko
You could also try to reset the cache(/sitecore/admin/cache.aspx). If it's the 6.X issue, the access result is not resetted in time, so the wrong result keeps available in the cache.
Alex de Groot
@Alex: Could you write the thing you just said here as an answer so i can accept it please? @Yan: Thanks for the suggestion again!
Younes
+1  A: 

You could also try to reset the cache(/sitecore/admin/cache.aspx). If it's the 6.X issue, the access result is not resetted in time, so the wrong result keeps available in the cache.

Alex de Groot
Cheers ;) this worked!
Younes