Description
Sitecore has implemented the Permission-Enabled Search feature starting from Sitecore XP 9.3. By default, the feature is enabled for the sitecore_master_index search index. The Permission-Enabled Search feature filters out search results based on the item:read permissions of the context user.
In some cases, the feature might filter out the search results even if the user is allowed to read the corresponding items.
The issue occurs if one of the user roles denies item:read access:
- Either by denying the Inheritance access right for the item or its ancestor items:
- Or by denying the Descendants item:read access right for the ancestor items:
Solution
To resolve the issue:
- For Sitecore XP 10.2, download and install the pre-release as specified in KB1001439.
- For Sitecore XP 10.0.0, download and install the cumulative hotfix available in KB1001333.
Alternatively, you can disable the Permission-Enabled Search feature. To disable this feature for the sitecore_master_index:
- Change the value of the enableReadAccessIndexing setting from true to false by creating a configuration patch file in the \App_Config\Include\zzz folder:
<?xml version="1.0" encoding="utf-8" ?> <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:search="http://www.sitecore.net/xmlconfig/search/"> <sitecore role:require="Standalone or ContentManagement or XMCloud" search:require="solr"> <contentSearch> <configuration> <indexes hint="list:AddIndex"> <index id="sitecore_master_index"> <configuration> <enableReadAccessIndexing>false</enableReadAccessIndexing> </configuration> </index> </indexes> </configuration> </contentSearch> </sitecore> </configuration> - Optionally, rebuild the sitecore_master_index.
Note: After the feature has been been disabled, the security check is performed on the Sitecore Client side. This might have the following side effects:
- An inaccurate search result count.
- An inaccurate count for facet values.
- Slower query execution.