New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security and account managing cmdlets should support System roles and Creator-Owner role. #596

Closed
AdamNaj opened this Issue Mar 4, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@AdamNaj
Member

AdamNaj commented Mar 4, 2016

As requested in issue #595 "Everyone" as well as dynamic & special roles were hard to work with using the built in cmdlets.

It should be possible to work with them in the following manner:

#get "Everyone" role from "default" domain
Get-role -Identity "default\Everyone"
#get "Creator-Owner" dynamic role
Get-role -Identity "Creator-Owner"
#get "Everyone" dynamic role
Get-role -Identity "\Everyone"

#Create ItemAcl with the above roles.
New-ItemAcl -Identity "default\Everyone" -PropagationType Any `
    -SecurityPermission DenyInheritance -AccessRight *
New-ItemAcl -Identity "Creator-Owner" -PropagationType Any `
    -SecurityPermission DenyInheritance -AccessRight *
New-ItemAcl -Identity "\Everyone" -PropagationType Any `
    -SecurityPermission DenyInheritance -AccessRight *

Since this is fixed on platform level - other cmdlets dealing with roles should also accept it now.

@AdamNaj AdamNaj self-assigned this Mar 4, 2016

@AdamNaj AdamNaj added this to the 4.0 milestone Mar 4, 2016

AdamNaj added a commit that referenced this issue Mar 4, 2016

@AdamNaj

This comment has been minimized.

Member

AdamNaj commented Mar 4, 2016

Implemented

@AdamNaj AdamNaj closed this Mar 4, 2016

@michaellwest

This comment has been minimized.

Member

michaellwest commented Mar 4, 2016

Can we use Get-Role -Filter "*\Everyone" instead to be consistent with the other commands?

@AdamNaj

This comment has been minimized.

Member

AdamNaj commented Mar 4, 2016

For the benefit of users that come here... we discussed it on the call - it is consistent with how we do it in other cases. The -Identity being specified as "\Everyone" will still return a single user.

Having it specified as "Everyone" implies the "sitecore" domain as it does in case of all other users/uses. Using a slash in "\Everyone" indicates that you want the generic Everyone without the "sitecore" domain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment