Automatically expand Sitecore users and roles when modified

When someone adds new user and affect it to Sitecore roles in Sitecore, CES doesn't expand the user's security groups nor the known groups members in the CES security cache. When the new user query the index, he have access to nothing but anonymous-available documents. Eventually, when a security cache update is done (at midnight every day or manually), the user gain access to the secured content he has rights to access.

If Sitecore have pipelines triggered at user/role creation and modification, we could add processors to those pipelines that would ask CES to re-expand the relevant groups/users securities to keep the Sitecore securities and CES security cache in sync.

Calls exists in the COM Admin to expand securities :

Also, there is a hidden SynchronizedExpansion parameter on security providers that seems to expand new security cache members at query time instead of adding them without expanding them. This setting is usually set via a vbscript but I think it would be possible to set it on our Sitecore security providers automatically.

  • Jean-François L'Heureux
  • Apr 28 2015
  • Shipped
I need it... Not sure -- just thought it was cool
  • Attach files
  • Simon Langevin commented
    April 28, 2015 21:18

    Would be nicer than having to use a COM Admin Script :P

  • Charles Lechasseur commented
    April 29, 2015 19:38

    BTW, the SynchronizedExpansion config param causes the FileSecurityCache to query a SecurityProvider's for the wellknown groups of an entity when that entity is added to the cache. It doesn't fetch a group's children, for instance. (I don't know much about the Sitecore project, so I don't know if that's acceptable to you or not. Otherwise, the only fallback case that I know is via the COMAdmin call.)

  • Nicolas Bordeleau commented
    April 22, 2016 14:50

    We now call an expansion each time a user or role has changed on the Sitecore side.