
Sitecore 8 Admin role: Lock access


I have two users, say Messi and Ronaldo. Both have the Sitecore Admin roles. I was just playing around with them and got to see that Messi can override Ronaldo's actions on a certain item. Is this because both are admin roles and have the right to override any access to any item in Sitecore?

That is, if Ronaldo has locked an item in the Sitecore content tree, then Messi can change-publish-relock the same item!! The message "Ronaldo has locked this item" is just a note.

Is this behavior correct (Sitecore inbuilt)? Where can we observe the code that is responsible for such behavior?

This is not the case with a user with the Author role trying to override Admin locks. The author is shown the message "You cannot edit this item because 'Admin' has locked it."

All suggestions accepted.


Solution

  • As mentioned in the comments, Sitecore Administrators can do anything. That's not because they have unlimited access set up, but because when someone is an administrator the entire access will be ignored (similar to using a SecurityDisabler() in code).
    That's a big difference: it means that even when access rights are denied to someone in the administrator role, that will be ignored.

    Again, as mentioned in the comments, this includes things such as locking, but also workflow - normally when something is in the final state of a workflow Sitecore will make sure to create a new version when you start editing. This will not happen with an administrator - they will just edit the final version.

    Needless to say, this is not recommended practice (for editors). Instead, you should create a new role (or multiple new roles) to set up the correct access rights.
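Because administrators skip locks, workflow and deny rules, it helps to know exactly which accounts are in that position. The following is an added example, not code from the original answer or from Sitecore: it lists administrator accounts and reports whether a lock on an item is actually enforced for a given user. The class and method names are hypothetical, and it assumes it runs inside a Sitecore application with Sitecore.Kernel referenced.

```csharp
using System.Collections.Generic;
using System.Linq;
using Sitecore.Data.Items;
using Sitecore.Security.Accounts;

// Hypothetical helper class (name chosen for this example).
public static class AdminBypassAudit
{
    // Accounts for which Sitecore ignores access rights, item locks
    // and workflow restrictions. Review this list regularly; editors
    // should get dedicated roles instead of appearing here.
    public static List<string> GetAdministratorNames()
    {
        return UserManager.GetUsers()
            .Where(u => u.IsAdministrator)
            .Select(u => u.Name)
            .ToList();
    }

    // Describes what an existing lock on an item means for one user.
    public static string DescribeLock(Item item, User user)
    {
        if (!item.Locking.IsLocked())
        {
            return "not locked";
        }

        string owner = item.Locking.GetOwner();

        if (user.IsAdministrator)
        {
            // The "X has locked this item" message is only a note here.
            return "locked by " + owner + ", not enforced for administrator " + user.Name;
        }

        // HasLock() evaluates against the context user, so switch to
        // the user being checked for the duration of the call.
        using (new UserSwitcher(user))
        {
            return item.Locking.HasLock()
                ? "locked by " + user.Name + " (own lock)"
                : "locked by " + owner + ", editing blocked for " + user.Name;
        }
    }
}
```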