The Sitecore Roles-In-Roles is an extension to the basic authorization that have been around ever since Sitecore 5.
WHAT IS ROLES-IN-ROLES?
Roles-In-Roles allows you to have nested roles, so when you add a role to a user, the user is granted that role, including all the nested roles.
The roles in Sitecore does not only grant access to content, but also to functions, such as publishing, account managing, translating etc. In an attempt to simplify the process of granting authors access to content AND functions, the idea of embedding function roles into one access role was born.
So with roles-in-roles you can create a super-role that grants access to content and functions at the same time.
WHERE DOES SITECORE STORE ROLES IN ROLES?
In the sitecore.config you will find the rolesInRolesManager configuration setting that points to the database where the rolesinroles table is defined.
<rolesInRolesManager defaultProvider="sql" enabled="true"> <providers> <clear /> <add name="sql" type="Sitecore.Security.Accounts.SqlServerRolesInRolesProvider, Sitecore.Kernel" connectionStringName="core" rolesInRolesSupported="true" globalRolesConfigStoreName="globalRoles" raiseEvents="true" /> </providers> </rolesInRolesManager>
HOW DOES IT WORK?
Look at the “Developer” roles in the Roles Manager:
If you click the “Member Of” button you will see all the roles that is embedded into the “Developer” roles:
That means that when my user is granted the “Developer” role:
The user will automatically be granted the “Developer” roles, plus any embedded roles within the “Developer” role. Also, if any roles inside the “Developer” role has embedded roles, these roles are also included.
MORE TO READ:
- List of all security roles from Sitecore
- Sitecore check access and roles programatically by briancaos
- Sitecore Security Part 2: the Security Editor and Access Viewer by Nonlinear Creations
- Sitecore Security: How it Works & Troubleshooting by Rick Cabral