Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal : Change default access to PowerShell Reports menu #1284

Closed
michaellwest opened this issue Sep 21, 2022 · 0 comments
Closed

Proposal : Change default access to PowerShell Reports menu #1284

michaellwest opened this issue Sep 21, 2022 · 0 comments
Assignees
@michaellwest
Labels
-release-highlight Exciting change that should be highlighted in the release notes and celebrated by SPE fans. area-commands Involves functions and cmdlets. area-security area-user-interface
Milestone
6.4

Comments

@michaellwest
Copy link
Member

Proposal

Change security role requirement for the PowerShell Reports menu.

  • Current role - sitecore\Sitecore Client Maintaining
    • Gives the user access to template editing features and reporting tools (Log Viewer). This role is intended for Sitecore super-users and developers.
  • Proposed role - sitecore\Sitecore Client Authoring
    • Gives the user access to basic item editing features and reporting tools (Scan for Broken Links). The role is intended for client users to allow access to basic authoring features.

image

Why make a change?

After a new installation, an Admin is required to perform one of two steps:

  • Configure a different role on the PowerShell Reports menu item to allow management with a lesser privileged account.
  • Configure users/roles to elevate consumers of the reports into the higher privileged account.

I'm a fan of the common-sense approach to least privileges access. Adding users to sitecore\Sitecore Client Maintaining means they can access features that you would not normally want them to see/use. I can't imagine wanting users to create new templates in production or view error logs.

What concerns should I have?

Once the role is replaced users would be able to see any custom reports contained within your script library where no rules are configured. You'll want to add rules to the reports to ensure they are visible for the right audience. Here is the default set of reports available to authors.

image

References
@michaellwest michaellwest added this to the 6.4 milestone Sep 21, 2022
@michaellwest michaellwest self-assigned this Sep 21, 2022
michaellwest added a commit that referenced this issue Sep 21, 2022
@michaellwest
#1284 : Changed default role.
a71aa47
@michaellwest michaellwest added -release-highlight Exciting change that should be highlighted in the release notes and celebrated by SPE fans. area-user-interface area-commands Involves functions and cmdlets. area-security labels Sep 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaellwest michaellwest

Labels
-release-highlight Exciting change that should be highlighted in the release notes and celebrated by SPE fans. area-commands Involves functions and cmdlets. area-security area-user-interface
Projects
None yet
Milestone
6.4
Development

No branches or pull requests
1 participant
@michaellwest