Sitecore keeps evolving and one area where someone can see such is on the Sitecore Launchpad. This starting screen of Sitecore 8 and 9 provides quick access to some of the essential tools users need to maintain their site. In addition to the evolution of this screen, Sitecore has also been keeping pace with providing more granular built in security roles in order to assist in providing smart defaults and excellent starting points for custom roles. However, in some instances, these out of the box security roles are almost exactly what you need with one exception – they give access to a Launchpad tool that may not be warranted. There are two ways around this issue: 1) you can opt to not use the default security roles and manually create what you need or 2) explicitly remove permissions to the item you wish the security role not to have access to. In this article, we’ll be looking at how to address the latter; how to remove access and hide a Launchpad Button from a custom security role.
For this tutorial, we’ll look at hiding the Update Center button introduced in Sitecore 9.0.2; however, the steps here can be used for any of the Launchpad buttons.
- Sitecore 8.x
- Sitecore 9.x
Step 1: Locate the Item in the Core Content Tree
Using the Core Database, open the Content Editor and navigate to the /Sitecore/Client/Applications/Launchpad/Page Settings/Buttons/ path. To hide the Update Center button, expand the /Tools items to find UpdateCenter.
Step 2: Revoke Read Permissions
Click on UpdateCenter to load the item’s information in the main content pane of the Content Editor. In the ribbon, select the Security Tab and then click on the Assign button.
In the Assign Security Rights dialog that appears, select the Roles and Users you wish to modify. By default on Sitecore 9.x, the sitecore\Sitecore Client Developing role is the only option. Change the explicit Read Allowed permission to be explicitly Read Disallowed. Click the OK button when finished.
The above item will hide the UpdateCenter button from all users and roles that inherit the sitecore\Sitecore Client Developing Role. Since this is the only role for this particular button, it will then hide it from any non-Administrator users. An alternative, and recommended, option would be to Add the custom security role you are concerned about and then explicitly remove Read access from it instead.