Before going to production, work through the checklist at the end of this blog post to make sure your Sitecore installation is secured.
1) Develop a role matrix
Roles are used to determine which people are responsible for reading, editing and publishing content. Depending on your implementation, certain people may only be able to access certain content.
Some may access the Page Editor, while others need the Content Editor, and still others need the Desktop.
It is very tempting, especially when working with small companies, to map individual users directly to their access: Joe is the one uploading PDF files and editing content, and Mark is the one proof-reading the content and then publishing it. Instead, think in terms of roles: Joe is a content editor and Mark is a publisher. So your role matrix would be:
Role
-----
Admin
ContentEditor
Publisher

Role Permissions
-----------------
Path               Role           Permissions
/sitecore/content  Admin          Read/Write/Publish/Admin/Delete
/sitecore/content  ContentEditor  Read/Write/Publish

User Roles
------------
User  Role
Joe   ContentEditor
Mark  Publisher
Production Promotion Security Checklist
1) Important: Sitecore provides a default “Admin” user which has unrestricted access. By default, this user has the password “b” (lower case, single letter). You should change the password associated with this account and store the password in a secure location.
2) Ensure /Sitecore is disallowed in the robots.txt file
3) Ensure you register your site with webtools and exclude this path there as well.
4) Log in as a user of each role and double-check that you cannot read or edit the specific content you have secured. The Access Viewer can help ensure you see a sea of red.
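A small checker for step 2 of the checklist, added here as an example and not code from the original post. It parses a robots.txt (the sample below is constructed) and reports whether a given crawler is actually kept out of the Sitecore client path, using the matching rules the major crawlers apply: the most specific User-agent group wins, then the longest matching rule, and Allow wins a tie. Path matching in robots.txt is case-sensitive, so the check is run against both spellings; wildcards are not handled.

```python
"""Verify that robots.txt disallows a path (e.g. /sitecore) for a crawler."""

# Constructed sample: the Googlebot group only spells the path with a capital S.
SAMPLE_ROBOTS = """\
# constructed robots.txt for a Sitecore site
User-agent: Googlebot
Disallow: /Sitecore

User-agent: *
Disallow: /sitecore
"""

def parse_robots(text):
    """Return {agent_lowercase: [(directive, path), ...]} from robots.txt text."""
    groups, agents, rules_seen = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if rules_seen:                       # rules already seen: new group starts
                agents, rules_seen = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow") and agents:
            rules_seen = True
            for agent in agents:                 # consecutive UA lines share rules
                groups[agent].append((field, value))
    return groups

def rules_for(groups, agent):
    """Most specific group whose name appears in the UA string, else the '*' group."""
    agent = agent.lower()
    best = max((a for a in groups if a != "*" and a in agent), key=len, default=None)
    return groups[best] if best else groups.get("*", [])

def is_blocked(text, agent, path):
    """True if `agent` may not fetch `path`: longest matching rule wins, Allow wins ties."""
    best_len, blocked = -1, False
    for directive, rule_path in rules_for(parse_robots(text), agent):
        if not rule_path:                        # empty Disallow means allow everything
            continue
        n = len(rule_path)
        if path.startswith(rule_path) and (n > best_len or (n == best_len and directive == "allow")):
            best_len, blocked = n, directive == "disallow"
    return blocked

def unblocked_agents(text, path):
    """Crawler groups named in the file that can still fetch `path`."""
    return sorted(a for a in parse_robots(text) if not is_blocked(text, a, path))
```

Running `unblocked_agents(SAMPLE_ROBOTS, "/sitecore/login")` on the sample returns `['googlebot']`, because a rule written as `/Sitecore` does not match the lower-case URL that crawler requests.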