Powershell Script Access Issue in Sitecore SXA about console HOT 6 CLOSED

Can you add a screenshot showing the access on the item through each step?

from console.

Hi Michaell,

Please find the Screenshot

Step 1: We will run the access rights to the User

Step 2: We will run the Revoke rights to the User

Step 3: Rerun the Script of Step 1 to give access to the same user.

It's getting failed to access the site whereas the user can't see read/write as per Sitecore support, the deny access take precedence.

Please let me know if need any further information.

from console.

I was hoping for a screenshot from the "Security Details" tab but the use of Get-ItemAcl is just as good. As you can see, the use of Add-ItemAcl is additive and therefore the Deny overrides the Allow.

Using Set-ItemAcl may be more appropriate for what you expect to happen.

from console.

Hi @michaellwest,

We have checked the Set-ItemAcl option but it's overwriting the previous security information on an item.
So, we cannot use it because we will have lot of Authors working on CMS and it will break the accessibility.
of Authors for a specific item in the middle of their work.

Please help us in getting the solution for revoke/remove access for a respective user on any specific item.

Thanks,
Raghu

from console.

This issue is stale because it has been open for 365 days with no activity.

from console.

@RaghurajBiz & @michaellwest I am not sure what the nature of this problem is.

After you use the Add-ItemAcl are they not added or are they added but do not exhibit the behavior you expected?
If it's the former we need to fix it (although I could not reproduce it), if it's the latter then I would suggest that the security settings were not chosen correctly and there is another problem that is unrelated to this cmdlet or SPE in general.

Please confirm that the problem you're reporting is that Add-ItemAcl does not add the rights you've passed to it to the item and how we can reproduce it on a clean Sitecore (either with package or a script reproducing the situation).

Currently I have to assume that it works as intended based on the following script:

$authorName = "sitecore\admin"
$micrositePath = "master:/content/Home/security-test"
if(Test-Path $micrositePath){
    Remove-Item $micrositePath
}

New-Item $micrositePath -ItemType "Sample/Sample Item" | Out-Null

Write-Host "Before" -f Green

(Get-Item $micrositePath).Security.GetAccessRules()

Add-ItemAcl -Path $micrositePath -AccessRight item:read -PropagationType Any -SecurityPermission DenyAccess -Identity $authorName

Write-Host "After first assignment" -f Green
(Get-Item $micrositePath).Security.GetAccessRules()

Add-ItemAcl -Path $micrositePath -AccessRight item:read -PropagationType Any -SecurityPermission AllowAccess -Identity $authorName

Write-Host "After second assignment" -f Green
(Get-Item $micrositePath).Security.GetAccessRules()

The execution:

Therefore closing the issue for now. Please reopen if you think this is wrong.

from console.