How to allow only 1 role to have read access to an item?

Question

I want specific website users to have access to the "Secret" pages of the website.
I have created a new role in the Extranet domain i.e. Extranet/SecretPageRole.
Now, how do I assign roles for "secret" page item in Sitecore so that only users with Role Extranet/SecretPageRole should have access to it?
Currently, I have set the below Access permissions.

Please let me know what I am doing wrong.
Note: Currently the item does not have any descendants, but can have descendants in the future.

Marek Musielak · Accepted Answer

Deny access right always has the highest priority. You cannot revoke it with Allow access right later.
Set Allow access right for Item Read and Descendants Read for your role:

And for extraneteveryone break the inheritance on the item:

With that set, extraneteveryone will not have Read access, cause there won't be any rule which allows it. You can use Access Viewer app to check that:

Dan · Answer

By putting the X in Everyone you are effectively adding an explicit deny to literally everyone, including SecretPageRole.
Not done it but if you can just remove the green tick from Everyone it will become an implicit deny and not affect inheriting roles.

How to allow only 1 role to have read access to an item?

2 Answers

Add your own answers!

Ask a Question