Recently I discovered an issue with the Developer user role in Sitecore 8.1.3. Though it has been fixed in Sitecore 8.2, it might catch you out if you haven’t upgraded yet.

Sitecore includes a Developer security role that can be assigned to users. This role includes both the Author and Designer roles, as well as adding further permissions. The full description supplied by Sitecore is:

Gives the user access to content manipulation facilities in the Content Editor, plus all the design and authoring roles normally used by client authors and client designers. It also provides access to more functionality on the ribbon of the Content Editor to allow full development features for users assigned to this role.

This role also has access to the Development Tools menu in the Sitecore menu, which gives the user access to further development tools, such as the Package Designer.

For a full description of the security roles within Sitecore, see this documentation page.

However, if you assign this role to a user then there is an issue that the user may encounter when trying to use some Developer functionality. If they attempt to insert an item in the Content Editor using the Insert From Template option, they will see the following exception:

[AccessDeniedException: Application access denied.]
Sitecore.Diagnostics.Assert.HasAccess(Boolean accessAllowed, String message) +81
Sitecore.Shell.Applications.Templates.AddFromTemplate.AddFromTemplateForm.OnLoad(EventArgs e) +73
[TargetInvocationException: Exception has been thrown by the target of an invocation.]
System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +128
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +146
Sitecore.Reflection.ReflectionUtil.InvokeMethod(MethodInfo method, Object[] parameters, Object obj) +89
Sitecore.Web.UI.Sheer.ClientPage.OnLoad(EventArgs e) +594
System.Web.UI.Control.LoadRecursive() +68
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436

This error stems from the fact that the Author role has been explicitly denied access to the Template Lister application, but not to the Insert From Template button itself. They can see and click the button, but when the application is launched, it throws the error.

This has been reported to Sitecore and confirmed as a bug, and is being tracked under the public reference 113200.

As a workaround to this issue, you can do the following:

  • Remove sitecore\Author from the sitecore\Developer role
  • Add the various roles that sitecore\Author inherits directly to the sitecore\Developer role.

This means the Developer gets the roles that Author has, but not the DENY permissions that have been recently set explicitly on the Author role.

Alternatively, as stated above, these same DENY permissions for the Author role don’t seem to be present in Sitecore 8.2, so upgrading to that version will restore the correct functionality.