Topics

All topics

Filter search results by view permissions

Overview

Sitefinity CMS can automatically filter content queries so that items the current user cannot view are excluded from results. You can enable this filtering globally or on a per-provider basis. For search index scenarios, you can also store view permissions directly in the search index to improve performance and pagination.

Enable global filtering

NOTE: Enabling this setting globally can affect performance. To improve performance, you can store permissions in the search index. For more information, see Store view permissions in the search index.

To enable filtering queries by view permissions globally, perform the following:

Navigate to Settings » Advanced » Security.
Locate the FilterQueriesByViewPermissions setting (Enable filtering queries by view permissions).
Enable the setting.

Enable per-provider filtering

To enable filtering for a specific provider, perform the following:

Navigate to the advanced settings for the relevant module. For example, navigate to Advanced settings » Libraries » Providers.
Select the provider.
Select Parameters and click Add new.
Set the following parameter:
- Key: filterQueriesByViewPermissions
- Value: true

Store view permissions in the search index

PREREQUISITES: This capability is available as of version Sitefinity CMS 15.4.8629 in Sitefinity CMS and Sitefinity Cloud (PaaS) setup.

For faster permission-based filtering and improved pagination, you can store view permissions directly in the search index.

To enable this, perform the following:

Add the following key to the appSettings section of your web.config file:
<add key="sf:storeViewPermissionInSearchIndex" value="true" />
Reindex your search index.

When enabled, Sitefinity CMS adds GrantedViewPermissionPrincipals and DeniedViewPermissionPrincipals fields to the search index based on each item's view permissions.

Known limitations

The following limitations apply when view permissions are stored in the search index.

Administrators always see all items

Administrator users always have access to all indexed content in search results, regardless of the access groups configured on individual resources.

Owner role is ignored

The Owner role in Sitefinity CMS is not reflected in search visibility. Content ownership does not grant any special search access.

Change owner, Change permissions, and Unlock are not observed

Only the View, Create, Modify, and Delete permission types are mapped to access groups. Actions such as Change owner, Change permissions, and Unlock have no effect on what is indexed or returned in search results.

Want to learn more?

Enhance your Sitefinity skills by enrolling in free training sessions. Become Sitefinity certified through Progress Education Community to strengthen your professional credentials.

Get started with Integration Hub | Sitefinity Cloud

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting your Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity ASP.NET Core and take advantage of its decoupled architecture and modern development model.

Was this article helpful?

Yes No