Web developers wiki ASP.NET Sitecore Sharepoint Kentico by Evident Interactive

Sitecore: Publishing security checks

Modified: 2009/06/02 14:35 by m.wensveen - Categorized as: Sitecore
By default, when publishing items, access rights are ignored. This means that when an editor can only edit some limited part of the entire content tree, "publish site" still publishes the entire site, including the items the editor does not have access to. The same goes for publishing an item and all descendants. When the editor does not have read/write rights to some items, publishing an ancestor also publishes the inaccessible items.
This can be especially dangerous when you have sitecore set up to serve multiple sites via Sites.config, and have different site authors for each site.

To fix this problem, you have to modify the "Publishing.CheckSecurity" setting so that the value is true:

<setting name="Publishing.CheckSecurity" value="true"/>

The effect is that each item is checked for proper access rights before being published. The comment above this setting explains the effect best:

When CheckSecurity=true, Read rights are required for all source items. When it is determined that an item should be updated or created in the target database, Write right is required on the source item. If it is determined that the item should be deleted from target database, Delete right is required on the target item. In summary, only the Read, Write and Delete rights are used. All other rights are ignored.

 © Evident Interactive BV