Sitecore PowerShell Extensions
SlackYouTubeStack ExchangeDonate
Search…
Introduction
Disclaimer
Installation
Training
Community
Interfaces
Working with Items
Modules
Remoting
Security
Releases
Troubleshooting
Code Snippets
Appendix
Common
Indexing
Packaging
Presentation
Provider
Security
Add-ItemAcl
Add-RoleMember
Clear-ItemAcl
Disable-User
Enable-User
Export-Role
Export-User
Get-Domain
Get-ItemAcl
Get-Role
Get-RoleMember
Get-User
Import-Role
Import-User
Lock-Item
Login-User
Logout-User
New-Domain
New-ItemAcl
New-Role
New-User
Protect-Item
Remove-Domain
Remove-Role
Remove-RoleMember
Remove-User
Set-ItemAcl
Set-User
Set-UserPassword
Test-Account
Test-ItemAcl
Unlock-Item
Unprotect-Item
Unlock-User
Session
Powered By GitBook
New-ItemAcl
Creates a new access rule for use with Set-ItemAcl and Add-ItemAcl cmdlets.

Syntax

New-ItemAcl [-Identity] <AccountIdentity> [-AccessRight] <String> [-PropagationType] <Unknown | Descendants | Entity | Any> [-SecurityPermission] <NotSet | AllowAccess | DenyAccess | AllowInheritance | DenyInheritance>

Detailed Description

Creates a new access rule for use with Set-ItemAcl and Add-ItemAcl cmdlets.
© 2010-2019 Adam Najmanowicz, Michael West. All rights reserved. Sitecore PowerShell Extensions

Parameters

-Identity <AccountIdentity>

User name including domain for which the access rule is being created. If no domain is specified - 'sitecore' will be used as the default domain.
Specifies the Sitecore user by providing one of the following values.
1
Local Name
2
Example: adam
3
Fully Qualified Name
4
Example: sitecore\adam
Copied!
Aliases
​
Required?
true
Position?
1
Default Value
​
Accept Pipeline Input?
false
Accept Wildcard Characters?
false

-AccessRight <String>

The access right to grand or deny. Well known rights are:
  • field:read - "Field Read" - controls whether an account can read a specific field on an item..
  • field:write - "Field Write" - controls whether an account can update a specific field on an item.
  • item:read - "Read" - controls whether an account can see an item in the content tree and/or on the published Web site, including all of its properties and field values.
  • item:write - "Write" - controls whether an account can update field values. The write access right requires the read access right and field read and field write access rights for individual fields (field read and field write are allowed by default).
  • item:rename - "Rename" - controls whether an account can change the name of an item. The rename access right requires the read access right.
  • item:create - "Create" - controls whether an account can create child items. The create access right requires the read access right.
  • item:delete - "Delete" - Delete right for items. controls whether an account can delete an item. The delete access right requires the read access right
    Important!
    The Delete command also deletes all child items, even if the account has been denied Delete
    rights for one or more of the subitems.
  • item:admin - "Administer" - controls whether an account can configure access rights on an item. The administer access right requires the read and write access rights.
  • language:read - "Language Read" - controls whether a user can read a specific language version of items.
  • language:write - "Language Write" - controls whether a user can update a specific language version of items.
  • site:enter - controls whether a user can access a specific site.
  • insert:show - "Show in Insert" - Determines if the user can see the insert option
  • workflowState:delete - "Workflow State Delete" - controls whether a user can delete items which are currently associated with a specific workflow state.
  • workflowState:write - "Workflow State Write" - controls whether a user can update items which are currently associated with a specific workflow state.
  • workflowCommand:execute - "Workflow Command Execute" - — controls whether a user is shown specific workflow commands.
  • profile:customize - "Customize Profile Key Values" - The right to input out of range values of profile keys, that belong to this profile.
  • bucket:makebucket - "Create Bucket" - convert item to bucket.
  • bucket:unmake - "Revert Bucket" - convert item back from bucket.
  • remote:fieldread - "Field Remote Read" - Field Read right for remoted clients.
Aliases
​
Required?
true
Position?
2
Default Value
​
Accept Pipeline Input?
false
Accept Wildcard Characters?
false

-PropagationType <PropagationType>

The PropagationType enumeration determines which items will be granted the access right.
  • Any - the item and all items inheriting
  • Descendants - applies rights to inheriting children only
  • Entity - applies right to the item only
Aliases
​
Required?
true
Position?
3
Default Value
​
Accept Pipeline Input?
false
Accept Wildcard Characters?
false

-SecurityPermission <SecurityPermission>

The SecurityPermission determines whether to grant (allow) or deny the access right, and deny or allow inheritance of the right.
  • AllowAccess -
  • DenyAccess -
  • AllowInheritance -
  • DenyInheritance -
Aliases
​
Required?
true
Position?
4
Default Value
​
Accept Pipeline Input?
false
Accept Wildcard Characters?
false

Outputs

The output type is the type of the objects that the cmdlet emits.
  • Sitecore.Security.AccessControl.AccessRule

Notes

Help Author: Adam Najmanowicz, Michael West

Examples

EXAMPLE 1

Creates an access rule that allows the "sitecore\adam" user to delete the item to which it will be applied and all of its childre
1
PS master:\> New-ItemAcl -AccessRight item:delete -PropagationType Any -SecurityPermission AllowAccess -Identity "sitecore\adam"
2
​
3
Account AccessRight PermissionType PropagationType SecurityPermission
4
------- ----------- -------------- --------------- ------------------
5
sitecore\admin item:delete Access Any AllowAccess
Copied!

EXAMPLE 2

Allows the "sitecore\adam" user to delete the Home item and all of its children. Denies the "sitecore\mikey" user reading the descendants of the Home item. ;P The security info is created prior to adding it to the item. The item is delivered to the Add-ItemAcl from the pipeline and returned to the pipeline after processing due to the -PassThru parameter. The security information is added to the previously existing security qualifiers.
1
$acl1 = New-ItemAcl -AccessRight item:delete -PropagationType Any -SecurityPermission AllowAccess -Identity "sitecore\adam"
2
$acl2 = New-ItemAcl -AccessRight item:read -PropagationType Descendants -SecurityPermission DenyAccess -Identity "sitecore\mikey"
3
Get-Item -Path master:\content\home | Add-ItemAcl -AccessRules $acl1, $acl2 -PassThru
4
​
5
Name Children Languages Id TemplateName
6
---- -------- --------- -- ------------
7
Home False {en, ja-JP, de-DE, da} {110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9} Sample Item
Copied!

EXAMPLE 3

Allows the "sitecore\adam" user to delete the Home item and all of its children. Denies the "sitecore\mikey" user reading the descendants of the Home item. ;P The security info is created prior to setting it to the item. The item is delivered to the Set-ItemAcl from the pipeline and returned to the pipeline after processing due to the -PassThru parameter. Any previuous security information on the item is removed.
1
$acl1 = New-ItemAcl -AccessRight item:delete -PropagationType Any -SecurityPermission AllowAccess -Identity "sitecore\adam"
2
$acl2 = New-ItemAcl -AccessRight item:read -PropagationType Descendants -SecurityPermission DenyAccess -Identity "sitecore\mikey"
3
Get-Item -Path master:\content\home | Set-ItemAcl -AccessRules $acl1, $acl2 -PassThru
4
​
5
Name Children Languages Id TemplateName
6
---- -------- --------- -- ------------
7
Home False {en, ja-JP, de-DE, da} {110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9} Sample Item
Copied!

Related Topics

Previous
New-Domain
Next
New-Role
Last modified 2yr ago
Export as PDF
Copy link
Contents
Syntax
Detailed Description
Parameters
-Identity <AccountIdentity>
-AccessRight <String>
-PropagationType <PropagationType>
-SecurityPermission <SecurityPermission>
Outputs
Notes
Examples
EXAMPLE 1
EXAMPLE 2
EXAMPLE 3
Related Topics