Is Sitecore security slowing you down?

Recently, several blogs have posted about hidden settings that allows you to disable certain security related features in Sitecore. Sitecore can contain many users or many groups. This will sometimes lead to slow performance in the Sitecore shell or in the Sitecore page editor.

One of the reasons that Sitecore becomes slow, is that some security-releated lookups is done using the Sitecore Fast Query. Fast queries are not always fast, as these queries are non-cached SQL select statements done directly on the database:

Database.SelectItems("fast://*[@__lock='%\"" + Context.User.Name + "\"%']");

Some of the lookups are done merely to enhance the user experience – not to enforce security schemes. So some of the lookups can be disabled using web.config settings. Here are a few of them:


This settings enforces security on languages. The settings is TRUE per default and allows you to allow/disallow access to languages. Read this article on how to set up security on languages.

The check is used by Sitecore.Globalization.GetLanguages(), Sitecore.Security.AccessControl.ItemAccess.CanReadLanguage() and Sitecore.Security.AccessControl.ItemAccess.CanWriteLanguage(), and it is also  used by the GetContentEditorWarnings.CanReadLanguage processor.

If your website is not a multilanguage site, or you allow all editors to access all languages, you can disable this check.


This settings is also TRUE by default and it will read the security settings on each node to ensure that you have read acces. If not, the node is hidden. If FALSE, every node is displayed in the tree view, and security is enforced when clicking the node. If you don’t care that every editor can see every node in the tree, you may disable this. Security is still enforced when the editor clicks an item.


This settings applies to the page editor, especially the “My Items” button, which will display how many items you have locked. This lookup is done using Sitecore Fast Query, and can be painfully slow when having lots of users and groups.

Read more about the ShowNumberOfLockedItemsOnButton feature here.

Other resources:

If you are interested in Sitecore performance tweaking, these blogs are worth a visit:


About briancaos

Developer at Pentia A/S since 2003. Have developed Web Applications using Sitecore Since Sitecore 4.1.
This entry was posted in Sitecore 6 and tagged , , , , , , , , . Bookmark the permalink.

3 Responses to Is Sitecore security slowing you down?

  1. Pingback: Sitecore poor database performance « Brian Pedersen’s Sitecore and .NET Blog

  2. Pingback: Sitecore hidden boolean configuration settings - NewGuid.Net

  3. Pingback: Let's do Sitecore

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.