Setting Up SXA Role Security

One step that every administrator should take after setting up an SXA site is to determine the security and roles needed. In a typical site, this would involve identifying users and applying the appropriate Sitecore roles, for example Sitecore Author.

In the case of a Sitecore SXA site, this involves setting up the Tenant role security along with the Site role security.

It's important to do this at the beginning, because the appropriate Home, Data, and Media nodes and all subsequent content will inherit this security.

Role Domain

Before we can set up the security roles, we need to determine whether they will exist within the sitecore domain or in another domain entirely. We do this using the Domain Manager. A separate domain is particularly useful when you are hosting multiple sites with different groups of people authoring them independently.

Domain Manager in the menu in Sitecore.

We can then create and edit existing domains to suit our needs.

Domain Manager window in Sitecore.

Tenant Security

Once we have determined the appropriate domain for the roles to exist in, we can proceed with creating the security for both the Tenant and the Site.

Setting up the Tenant involves right-clicking on the Tenant node and selecting Setup Security as shown below.

Set up security menu.

After selecting the domain we want to use, we're presented with the role breakdown, including the name of each role. My recommendation is to use the predefined roles.

Sitecore tenant security roles modal.

Site Security

Similarly to how the Tenant roles were set up, we right-click on the Site node and, under Scripts, select Setup Security. We have to ensure the Tenant security is set up first; otherwise we will be prompted to do so.

Sitecore site security roles modal.


The roles differ in what an Admin, Author, Designer, and Member have write access to. I've summarized the differences below.

  • Admin - write access to either the Tenant or Site including the Settings folder which no other role has access to.
  • Designer - write access to the media and presentation areas, but not content of the site itself.
  • Author - write access to the content, media, data and presentation areas.
  • Member - write access to appropriate media folders.

The full breakdown of what each role has read/write access to can be found here.
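
As an added example (not part of the original post and not Sitecore's own tooling), the summary above can be turned into a check that flags write grants exceeding it. The rule tuples, the `acme` domain, the site path, and the node names Home, Data, Media, Presentation and Settings are constructed assumptions, as is reading a role's kind from the last word of its name.

```python
import re

# Write areas per role kind, from the summary above (assumed node names).
# Admin is handled separately: it may write anywhere, Settings included.
EXPECTED_WRITE = {
    "author":   {"home", "data", "media", "presentation"},
    "designer": {"media", "presentation"},
    "member":   {"media"},
}

def area_of(item_path, site_root):
    """Top-level site node of an item: '' for the site node itself,
    None when the item is outside the site."""
    path, root = item_path.rstrip("/").lower(), site_root.rstrip("/").lower()
    if path == root:
        return ""
    if not path.startswith(root + "/"):
        return None
    return path[len(root) + 1:].split("/", 1)[0]

def audit(rules, site_root):
    """Return (role, path, reason) for write grants the summary does not allow."""
    findings = []
    for role, path, right, permission in rules:
        if right != "item:write" or permission != "allow":
            continue  # deny rules and other rights cannot widen write access
        area = area_of(path, site_root)
        if area is None:
            continue  # outside this site, not covered by the summary
        kind = re.split(r"[\\ ]", role)[-1].lower()  # assumed naming scheme
        if kind == "admin":
            continue
        if kind not in EXPECTED_WRITE:
            findings.append((role, path, "role is not one of the four kinds"))
        elif area not in EXPECTED_WRITE[kind]:
            where = area or "the site node"
            findings.append((role, path, f"{kind} should not write to {where}"))
    return findings

# Constructed sample: rules as (role, item path, access right, permission).
SITE = "/sitecore/content/Acme/Corporate"
SAMPLE_RULES = [
    ("acme\\Corporate Admin", SITE, "item:write", "allow"),
    ("acme\\Corporate Author", SITE + "/Home/About", "item:write", "allow"),
    ("acme\\Corporate Designer", SITE + "/Home", "item:write", "allow"),
    ("acme\\Corporate Author", SITE + "/Settings", "item:write", "allow"),
    ("acme\\Corporate Member", SITE + "/Media/Uploads", "item:write", "allow"),
    ("acme\\Corporate Designer", SITE + "/Settings", "item:write", "deny"),
]
```

Running `audit(SAMPLE_RULES, SITE)` reports the Designer grant on Home and the Author grant on Settings, the two entries that go beyond the summary.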


Meet David Austin

Development Team Lead | Sitecore Technology MVP x 3


David is a decorated Development Team Lead with Sitecore Technology MVP and Coveo MVP awards, as well as Sitecore CDP & Personalize Certified. He's worked in IT for 25 years; everything ranging from Developer to Business Analyst to Group Lead helping manage everything from Intranet and Internet sites to facility management and application support. David is a dedicated family man who loves to spend time with his girls. He's also an avid photographer and loves to explore new places.
