In some situations, you need to control the access to a certain page for specific users. Sitefinity CMS enables you to manage permissions through code using the Sitefinity CMS Permissions API.
When a new permission is added to a page, it is always added as a reference to all the child pages (and their child pages and so on) of that page. This reference is added no matter whether the child page inherits permissions or not. Therefore, to delete a permission, you must first remove all its references in all child pages.
You can either delete the permissions permanently from the database or just reset the permission values, so that they are not counted during security checks.
To traverse the tree and find all the inheritors of a page, you use the helper method GetPermissionsInheritors() in the PageManager class. Once the permission is removed from all the collections, you can delete the permission. Use the following code in the relevant user widget or service:
UserManager usermanager = UserManager.GetManager();
User user = usermanager.GetUser(username);
PageManager pagemanager = PageManager.GetManager();
PageNode mypage = pagemanager.
FirstOrDefault(pn => pn.Title == pageTitle);
Permission p =
List<ISecuredObject> inheritingPages =
As a result, the page permissions and entries are deleted from the database.
An alternative way to remove the permission is to reset it by setting its Grant and Deny fields to 0. Once the values are reset, the permissions are no longer effective. Permissions will not appear on the UI and will not be counted on any security checks. Note, however, that using this method only resets page permissions, but does not delete them permanently from the database.
Permission p = pagemanager.GetPermission(
p.Grant = 0;
p.Deny = 0;
Back To Top