Home/ Questions/Q 4258226
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T05:37:15+00:00

I have 2 types of site. The first is a data site, containing lots

  • 0

I have 2 types of site. The first is a data site, containing lots of items, updated centrally. The 2nd is a clone of the first, which can be modified by local admin to reflect local needs.

I want my local admin to be able to approve changes pushed through from the data site, but not to have access to any security tools (managed centrally for all sites). So I have roles for my data site and different roles for my cloned sites. My local site admins should only have read acess to the data site.

The problem is, that though I’ve removed access to security tools for my local admins, if there is a change to item security for one of the data site items they’ve cloned then this is pushed to them as a change they can review/accept/reject. My local admins don’t have “administrate” access to the local clone site so they shouldn’t be able to do this. However, they can accept the change, in which case their clone will now have the same access settings as the item it was cloned from. This actually means that my local admin now only has read-only access to the clone.

Is there any way to turn this off, while still allowing local admins to accept content changes?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Answering my own question

    I’ve been recommended to report this as a bug. A user that has no access to set security shouldn’t be able to approve or reject changes to security, so I’ll get a support ticket.

    I do have a workaround for my own implementation:

    All security settings are based on inheritance, no actions are explicitly forbidden. To gain access to a right a user/role must be granted it explicitly or inherit it from an item higher up the content tree. If I move both clone and source sites down a level in the tree, creating a folder for each, then I can set security on the folder of the source items but overwriting security on the home item of the clone site the home item of the source site will never have explicit security settings to overwrite.

    EDIT: Heard back from support. They consider this “Expected behaviour”:

    “Clone” is a special relation between “master” item and “slave” items that allows more confidence than “Proxy” one does.

    That’s quite a big restriction in security configuration imo, and is in direct conflict with the rest of the Sitecore security architecture.

    • 0