# Users and Roles Managing users and roles is a big topic and this section won't cover everything. We aim to show you different problems that have come up and how we solved them. **Example:** The following command returns the security commands available. ```powershell Get-Command -Noun Role*,User,ItemAcl* | Select-Object -Property Name | Sort-Object -Property Name ``` ## Users Managing users should be a pretty straight forward task. While the User Manager provided by Sitecore is handy, you'll likely find yourself wanting to make bulk changes. The following examples should give you a few ideas about how to manage user accounts. ### Query users and update properties **Example:** The following generates a batch of test users in the default domain with the out-of-the-box user profile template. The users are then queried filtering on the name. ```powershell foreach($num in 0..10) { $key = -join ((65..90) + (97..122) | Get-Random -Count 7 | % {[char]$_}) New-User -Identity "TestUser$($key)" -Enabled -Password "b" -ProfileItemId "{AE4C4969-5B7E-4B4E-9042-B2D8701CE214}" | Out-Null } Get-User -Filter "sitecore\TestUser*" ``` In case you forgot to set the user profile for accounts, we have a solution for that. **Example:** The following queries a user and sets the profile template. Note that changing the profile template requires the user to be authenticated. ```powershell Get-User -Id "michael" -Authenticated | Set-User -ProfileItemId "{AE4C4969-5B7E-4B4E-9042-B2D8701CE214}" ``` **Example:** The following queries all the user accounts for the default provider and filters those over the age of 18. The *age* property is custom on the *Profile*. Finally, export to CSV. ```powershell $users = Get-User -Filter * | Where-Object { $_.Profile.GetCustomProperty("age") -gt 18 } $property = @( "Name", @{Name="Age";Expression={ $PSItem.Profile.GetCustomProperty("age") }} ) $users | Select-Object -Property $property | Export-CSV -Path "$($SitecoreDataFolder)\export\users-over-eighteen.csv" -NoTypeInformation ``` ## Roles **Example:** The following queries roles using the specified identity. ```powershell # Identity can be "[domain]\[name]", "Creator-Owner", and "\Everyone" Get-Role -Identity "default\Everyone" ``` **Example:** The following finds all roles and exports to a report. ```powershell Get-Role -Filter * | Show-ListView -Property Name, Domain ``` **Example:** The following adds a user to a role. ```powershell $user = Get-User -Identity "sitecore\author" $role = Get-Role -Identity "sitecore\Sitecore Client Authoring" Add-RoleMember -Identity $role -Members $user ``` **Example:** The following removes a user from a role. ```powershell $user = Get-User -Identity "sitecore\author" $role = Get-Role -Identity "sitecore\Sitecore Client Authoring" Remove-RoleMember -Identity $role -Members $user ``` ## See Also * [Working with Items - Item Security](/working-with-items/item-security.md) - Managing item-level security and ACLs * [Appendix - Security Commands](/appendix/security.md) - Full security cmdlet reference ## References * [Using Get-User command to query over 200k users](https://stackoverflow.com/questions/34982451/sitecore-powershell-get-user-command/34994302#34994302) * [Explore Sitecore Users Properties](https://lets-share.senktas.net/2017/02/explore-sitecore-users.html) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.sitecorepowershell.com/security/users-and-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.