PowerShell Script For Creating Roles and Permission Part 1

Hello everyone. As we all know, managing user roles and permissions effectively is crucial for maintaining security and ensuring appropriate access within any organization. In this blog post, we'll delve into the user roles and permissions hierarchy at ABC company. We'll explore the different roles, their specific permissions, and how these roles interrelate to form a cohesive and secure system, especially when we have multiple websites in a multisite setup.

We will see how we can implement this using PowerShell.

Let's consider a company called ABC which has a corporate website followed by country-level sites. The hierarchy of the site is ABC (Tenant) --> External (Site Collection) --> IN (Site). The company has the roles below.

  • ABC Limiter
  • ABC Author
  • ABC External IN Access
  • ABC External IN Content Previewer
  • ABC External IN Content Contributor
  • ABC External IN Content Publisher
  • ABC External IN Content Admin
  • ABC External IN Site Admin

Each role has specific permissions and, in many cases, inherits permissions from other roles. Let's break down these roles and their permissions in detail.

ABC Limiter

  • Read Access to Site Collection and Parent level folder

ABC Author

  • Read Access to everything

ABC External IN Access

  • Inherits permissions from ABC Limiter
  • Default Site Collection access (descendants: no).
  • Access to Region Node (descendants: no).
  • Access to Site (descendants: yes).
  • Access to Media IN (descendants: yes).
  • Access to System-->Settings-->Projects (descendants: yes).

ABC External IN Content Previewer

  • Inherits read access from ABC External IN Access, with access to Site, Media, and System including all descendants.

ABC External IN Content Contributor

  • Read Access: Inherits from ABC Author and ABC External IN Content Previewer.
  • Write Access with descendants on Home, Media, and Data.
  • Create on Home, Media with descendants, and descendants of Data Item.

ABC External IN Content Publisher

  • Inherits from ABC External IN Content Contributor and includes the Sitecore Client Publishing Role.

ABC External IN Content Admin

  • Inherits from ABC External IN Content Publisher.
  • Additional permissions to rename and delete descendants of Home, Media, and Data folders.

ABC External IN Site Admin

  • Inherits from ABC External IN Content Admin.
  • Additional permissions to write, rename, create, and delete sites and all their descendant folders, media, and shared folders.

Now let's see how we can add the roles using PowerShell (Sitecore PowerShell Extensions).

# Site-specific values. $siteLanguages is not used in this part.
$siteLanguages = @("en-IN")
$siteName = "IN"
$siteType = "External"
$Organization = "ABC"
$rolePrefix = "$Organization $siteType $siteName"   # "ABC External IN"

$siteAccessRole = "$rolePrefix Access"
$siteAdminRole = "$rolePrefix Site Admin"
$contentAdminRole = "$rolePrefix Content Admin"
$contentContributorRole = "$rolePrefix Content Contributor"
$contentPublisherRole = "$rolePrefix Content Publisher"
$contentPreviewerRole = "$rolePrefix Content Previewer"

# Add-RoleMember -Identity <parent> -Members <role> nests <role> inside <parent>,
# so the member role inherits everything granted to the parent role.

# Access role: inherits from ABC Limiter.
New-Role -Identity $siteAccessRole
Add-RoleMember -Identity "ABC Limiter" -Members $siteAccessRole

# Content Previewer: inherits from the Access role and the built-in Designer role.
New-Role -Identity $contentPreviewerRole
Add-RoleMember -Identity $siteAccessRole -Members $contentPreviewerRole
Add-RoleMember -Identity "Designer" -Members $contentPreviewerRole

# Content Contributor: inherits from Content Previewer and ABC Author.
New-Role -Identity $contentContributorRole
Add-RoleMember -Identity $contentPreviewerRole -Members $contentContributorRole
Add-RoleMember -Identity "ABC Author" -Members $contentContributorRole

# Content Publisher: inherits from Content Contributor plus Sitecore Client Publishing.
New-Role -Identity $contentPublisherRole
Add-RoleMember -Identity $contentContributorRole -Members $contentPublisherRole
Add-RoleMember -Identity "Sitecore Client Publishing" -Members $contentPublisherRole

# Content Admin: inherits from Content Publisher (which already carries
# Sitecore Client Publishing) and ABC Approver.
New-Role -Identity $contentAdminRole
Add-RoleMember -Identity $contentPublisherRole -Members $contentAdminRole
Add-RoleMember -Identity "ABC Approver" -Members $contentAdminRole

# Site Admin: inherits from Content Admin.
New-Role -Identity $siteAdminRole
Add-RoleMember -Identity $contentAdminRole -Members $siteAdminRole

The above script creates the required roles and assigns existing roles as members, so each new role inherits the permissions of the roles it is nested in. To learn more, follow the references section given below.
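Because the whole permission model rests on this nesting, it is worth making the script re-runnable and verifying the resulting hierarchy instead of trusting that every Add-RoleMember call succeeded. The script below is an added example (not from the original post) that builds the same hierarchy from a declared list of parent/member pairs and then audits it. It assumes that SPE's Get-Role returns nothing, with -ErrorAction SilentlyContinue, for a role that does not exist, and that Get-RoleMember lists the direct members of a role as accounts whose Name is the role name, possibly prefixed by a domain.

```powershell
$Organization = "ABC"; $siteType = "External"; $siteName = "IN"
$rolePrefix = "$Organization $siteType $siteName"

# Declared hierarchy: each entry is (parent role, member role); the member inherits the parent's rights.
$hierarchy = @(
    @{ Parent = "ABC Limiter";                     Member = "$rolePrefix Access" },
    @{ Parent = "$rolePrefix Access";              Member = "$rolePrefix Content Previewer" },
    @{ Parent = "$rolePrefix Content Previewer";   Member = "$rolePrefix Content Contributor" },
    @{ Parent = "ABC Author";                      Member = "$rolePrefix Content Contributor" },
    @{ Parent = "$rolePrefix Content Contributor"; Member = "$rolePrefix Content Publisher" },
    @{ Parent = "Sitecore Client Publishing";      Member = "$rolePrefix Content Publisher" },
    @{ Parent = "$rolePrefix Content Publisher";   Member = "$rolePrefix Content Admin" },
    @{ Parent = "$rolePrefix Content Admin";       Member = "$rolePrefix Site Admin" }
)

function New-RoleIfMissing([string]$name) {
    # Assumption: Get-Role yields nothing for an absent role when errors are suppressed.
    if (-not (Get-Role -Identity $name -ErrorAction SilentlyContinue)) {
        New-Role -Identity $name | Out-Null
        Write-Host "Created role: $name"
    }
}

function Test-DirectMember([string]$parent, [string]$member) {
    # Assumption: Get-RoleMember returns direct members; Name may carry a "domain\" prefix.
    $members = Get-RoleMember -Identity $parent -ErrorAction SilentlyContinue
    return [bool]($members | Where-Object { $_.Name -eq $member -or $_.Name -like "*\$member" })
}

foreach ($edge in $hierarchy) {
    New-RoleIfMissing $edge.Member
    if (-not (Test-DirectMember $edge.Parent $edge.Member)) {
        Add-RoleMember -Identity $edge.Parent -Members $edge.Member
    }
}

# Audit: every declared nesting must now exist; anything missing is reported rather than ignored.
$missing = $hierarchy | Where-Object { -not (Test-DirectMember $_.Parent $_.Member) }
if ($missing) {
    $missing | ForEach-Object { Write-Warning "Missing: '$($_.Member)' is not a member of '$($_.Parent)'" }
} else {
    Write-Host "Role hierarchy verified: $($hierarchy.Count) memberships present."
}
```

Running the audit part alone after any later change to the roles gives a quick check that no inheritance link was dropped or added by hand.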

In the next part, we will see how to create new access rules for the specified roles. Stay tuned!

You can check my other blogs too if interested: Blog Website.

References:

  • https://doc.sitecorepowershell.com/appendix/security/new-role#syntax
  • https://doc.sitecorepowershell.com/appendix/security/add-rolemember#syntax
