Web developers wiki ASP.NET Sitecore Sharepoint Kentico by Evident Interactive

Sitecore: Cyclic role inheritance crashes website

Modified: 2011/08/03 13:39 by vanthoog - Categorized as: Sitecore
In Sitecore, a role can be a member of another role. This is a great feature because it simplifies user maintenance and the definition of roles. Unfortunately, there is a major flaw in the implementation of role inheritance in Sitecore: it is possible to create cyclic inheritance. For example, all of the following role inheritances can be created:
- RoleA is a member of RoleA.
- RoleA is a member of RoleB and RoleB is a member of RoleA.
- RoleA is a member of RoleB, RoleB is a member of RoleC and RoleC is a member of RoleA.

Creating cyclic role inheritance in Sitecore is disastrous because it crashes the website! More precisely, the application pool crashes and IIS automatically restarts it.

Let’s use the example where RoleA is a member of RoleB, RoleB is a member of RoleA and UserX is a member of RoleA. The website will crash in the following situations:
- UserX logs in and goes to the Sitecore backend. In the content editor he navigates to a content item on which rights have been defined for RoleA or RoleB.
- An administrator logs in and goes to the Sitecore backend. In the access viewer he selects UserX, RoleA or RoleB and he navigates to a content item on which rights have been defined for RoleA or RoleB.

But there may be more situations in which the website will crash.

This behavior has been identified in Sitecore 6.1 and 6.2, but it probably also exists in other versions.
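
An added example, not Sitecore's or this article's own code: a depth-first check that finds a membership loop in a map of each role to the roles it is a direct member of, so a role configuration can be audited before it is used. How that map is read out of Sitecore is assumed and not shown; `RoleCycleCheck`, `FindCycle` and `Visit` are hypothetical names, and the sample data in `Main` is constructed.

```csharp
using System;
using System.Collections.Generic;
static class RoleCycleCheck
{
    // memberOf[role] lists the roles that 'role' is a direct member of.
    // Returns one cycle (first role repeated at the end), or null if there is none.
    public static List<string> FindCycle(IDictionary<string, List<string>> memberOf)
    {
        var finished = new HashSet<string>(); // roles proven to lead to no cycle
        foreach (string start in memberOf.Keys)
        {
            List<string> cycle = Visit(start, memberOf, new List<string>(), finished);
            if (cycle != null) return cycle;
        }
        return null;
    }

    // Depth-first walk up the membership chain; 'path' is the chain walked so far.
    static List<string> Visit(string role, IDictionary<string, List<string>> memberOf,
                              List<string> path, HashSet<string> finished)
    {
        int seenAt = path.IndexOf(role);
        if (seenAt >= 0)
        {   // already on the current chain: the chain closes on itself
            List<string> cycle = path.GetRange(seenAt, path.Count - seenAt);
            cycle.Add(role);
            return cycle;
        }
        if (finished.Contains(role)) return null;
        path.Add(role);
        List<string> parents;
        if (!memberOf.TryGetValue(role, out parents)) parents = new List<string>();
        foreach (string parent in parents)
        {
            List<string> cycle = Visit(parent, memberOf, path, finished);
            if (cycle != null) return cycle;
        }
        path.RemoveAt(path.Count - 1);
        finished.Add(role);
        return null;
    }
    static void Main()
    {   // Constructed sample: the article's three-role loop plus one ordinary role.
        var memberOf = new Dictionary<string, List<string>> {
            { "Editors", new List<string> { "RoleA" } }, { "RoleA", new List<string> { "RoleB" } },
            { "RoleB", new List<string> { "RoleC" } }, { "RoleC", new List<string> { "RoleA" } } };
        List<string> found = FindCycle(memberOf);
        Console.WriteLine(found == null ? "no cycle" : string.Join(" -> ", found.ToArray()));
    }
}
```

The same function reports the self-membership and two-role cases listed above, because a role that reappears on its own chain is detected regardless of the chain's length.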

 © Evident Interactive BV