One step that each administrator should take after setting up an SXA site is to determine the security and roles needed. In a typical site, this would involve identifying users and applying the appropriate Sitecore roles, for example, Sitecore Author.
In the case of a Sitecore SXA site, this involves setting up the Tenant role security along with the Site role security.
It's important to do this at the beginning, as the appropriate Home, Data, and Media nodes and their subsequent content will inherit this security.
Role Domain
Before we can set up the security roles, we need to determine if they will exist within the sitecore domain, or another domain entirely. We do this using the Domain Manager. It's particularly useful when you are hosting multiple sites with different groups of people authoring them independently.
We can then create new domains and edit existing ones to suit our needs.
Tenant Security
Once we have determined the appropriate domain for the roles to exist in, we can proceed with creating the security for both the Tenant and the Site.
Setting up the Tenant involves right-clicking on the Tenant node and selecting Setup Security as shown below.
After selecting the domain we want to use, we're then presented with the role breakdown with the names of each role. My recommendation is to use the predefined roles.
Site Security
Similarly to how the Tenant roles were set up, we right-click on the Site node and under Scripts select Setup Security. We have to ensure the Tenant security is set up first; otherwise you will be prompted to do so.
Roles
The Admin, Author, Designer, and Member roles differ in what they have write access to. I've summarized the differences below.
- Admin - write access to either the Tenant or Site, including the Settings folder, which no other role has access to.
- Designer - write access to the media and presentation areas, but not the content of the site itself.
- Author - write access to the content, media, data and presentation areas.
- Member - write access to appropriate media folders.
The full breakdown of what each role has read/write access to can be found here.