search

SitecorePowerShell / Console

Sitecore PowerShell Extensions
https://doc.sitecorepowershell.com/
Other
114 stars 70 forks source link

How do you properly use delegated administration for users? #1158

Closed PremkumarDurai closed 4 years ago

PremkumarDurai commented 4 years ago

Expected Behavior

sitecore powershell script: we have a requirement to read some of the sitecore items which current user is not having read permission , to do that we are using elevated privilege concept with admin user id but still we are unable to read the items

we are using sitecore 8.1 update2.

Actual Behavior

its not returning the items which user is not having read permission though we have used elevated privilege concept

Steps to Reproduce the Problem

$elevatedUser= Get-User -Identity "sitecore\ElevatedUser"

New-UsingBlock (New-Object Sitecore.Security.Accounts.UserSwitcher $elevatedUser) {
    # Run commands that required the elevated access.
}
 #Display validation message only for WEB
$elevatedUser= Get-User -Identity "sitecore\ElevatedUser"

New-UsingBlock (New-Object Sitecore.Security.Accounts.UserSwitcher $elevatedUser) {
    if($($publishingTargetDatabase[$targetDatabaseFieldId]) -eq 'web' -and $DbName -eq 'web')
    {
        #Write-Host "Webonly"
        $linkedItem = Get-Item -Path master:\ -ID $item.ID -Language $LangToPublish 
        $customItem = [pscustomobject]@{
            "ID"=$linkedItem.ID
            "ItemPath"=$linkedItem.ItemPath
            "Language"=$LangToPublish
            "DisplayName"= $linkedItem.DisplayName
            "Database"= $($publishingTargetDatabase[$targetDatabaseFieldId])
            "Updated"=$linkedItem.__Updated
            "Updated by"=$linkedItem."__Updated by"
            "Created"=$linkedItem.__Created
            "Created by"=$linkedItem."__Created by"     
        }
        Show-Alert "Invalid DataSource $customItem" 
    }
}

Provide admin access to sitecore\ElevatedUser and try to get the item which current user is not having read permission

SPE 5.0 and Sitecore 8.1 update 2

michaellwest commented 4 years ago

From your example, I do not see how you know which items have "deny read" for the users. Perhaps your query to do that is still incorrect.

michaellwest commented 4 years ago

Please reopen if you find that this is still an issue.