Permissions Inheritance

Permissions Inheritance

Permissions Inheritance

  • Implicit permission settings that are applied from explicit permissions assigned to ancestor items higher in the hierarchy, instead of being explicitly assigned to the item itself
  • Used by Sitecore to determine access rights when no explicit Allow or Deny access rights have been assigned to the item
  • Useful for simplifying permissions assignments for sites that contain a large hierarchy of items
  • Is enabled when it is not specified, unlike access rights which are denied by default
  • Can be disabled for any item so the item does NOT inherit permission settings from its ancestor items higher in the hierarchy

Precedence

  • If security inheritance is disabled, the effective access rights granted to a user are based on settings explicitly specified for the user and roles assigned to the user
  • If security inheritance is enabled, the effective access rights granted to a user include settings specified for items higher in the Content Tree
  • If inherited access rights conflict with explicitly assigned access rights, the explicit rights always take precedence over inheritance settings

Using Inheritance to Grant Access

  • Unlike explicit permissions, inheritance only affects a specific role, so it will not prevent a user from accessing an item if the user has been assigned another role that gives them access to the item
  • You can use inheritance to ensure that a role has access rights to the descendents of an item that it does not have to the item itself

Using Inheritance to Prevent Access

  • You can use inheritance to control the access that an account has to the items in the Content Tree
  • You can use inheritance to prevent access to subitems even though an account has access to its parent
  • This is an alternative to assigning Deny permissions, which are used to block access rather than prevent it
  • Inheritance will not block access to an item by a user if the user is a member of another role that grants them access to the item

Sources