Consider the following scenario: there is a requirement to let a user visit a web page, but show only some of the content. A common example is a paywall where only the abstract of an article is shown until the visitor logs in.
The security of items in Sitecore is controlled by a number of permissions that can be assigned to users. To visit a page, a website visitor needs the “Read” permission on that page.
Ordinarily, you could control this using out-of-the-box personalisation, perhaps showing the abstract only when the visitor is not logged in, and the main article body if they are.
However, this approach has its limitations. If you have a page made up of many components, and your criteria for access are complex, a heavy burden is placed on content editors. Each individual component must have personalisation applied, and when rules are complex the risk of human error is high.
One recent experience prompted us to create an additional permission called “Rules”, which gave us a more controlled experience that was much kinder to content editors: all of the complex rules are defined only once, at the page level, and each component then needs only a single rule condition, “where the item is not restricted”.
The rule conditions could grant early access to subscribers, be based on whether a visitor has triggered a particular Sitecore goal, or any other rule condition available.
Of course, more complex conditions can be developed too. For example, through integrations with other systems such as a CRM, you could base permissions on whether a visitor has attended a particular event or spoken to a sales representative.
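
One way the component-level condition “where the item is not restricted” could be written against Sitecore's rules API. This is an added example, not code from the original implementation. The page does not show how its “Rules” permission is stored, so the sketch assumes a Rules-type field on the page item, hypothetically named `Access Rules`, and the class name and the "any rule matches" semantics are also assumptions.

```csharp
using System;
using System.Linq;
using Sitecore;
using Sitecore.Data.Items;
using Sitecore.Diagnostics;
using Sitecore.Rules;
using Sitecore.Rules.Conditions;

// Added example: the single condition each component uses in personalisation.
public class ItemIsNotRestricted<T> : WhenCondition<T> where T : RuleContext
{
    // Assumption: a Rules-type field on the page item (hypothetical name).
    private const string AccessRulesField = "Access Rules";

    protected override bool Execute(T ruleContext)
    {
        Item page = Context.Item;
        if (page == null) return false; // no page context: fail closed

        // Evaluate the page-level rules once per request, not once per component.
        string cacheKey = "ItemIsNotRestricted:" + page.ID;
        if (Context.Items[cacheKey] is bool cached) return cached;

        bool allowed = EvaluatePageRules(page);
        Context.Items[cacheKey] = allowed;
        return allowed;
    }

    private static bool EvaluatePageRules(Item page)
    {
        try
        {
            var field = page.Fields[AccessRulesField];
            // A page with no access rules defined has nothing to restrict.
            if (field == null || string.IsNullOrWhiteSpace(field.Value)) return true;

            RuleList<RuleContext> rules = RuleFactory.GetRules<RuleContext>(field);
            var pageContext = new RuleContext { Item = page };

            // Assumption: the visitor sees the full content if any page rule matches.
            return rules.Rules.Any(rule => rule.Evaluate(pageContext));
        }
        catch (Exception ex)
        {
            // A broken rule or failed integration (e.g. a CRM lookup) must not open the paywall.
            Log.Error("Access rule evaluation failed for " + page.Paths.FullPath, ex, typeof(ItemIsNotRestricted<T>));
            return false;
        }
    }
}
```

Because the result is cached per request and any evaluation error is treated as "restricted", every component on the page reaches the same decision, and a misconfigured rule hides the article body rather than exposing it.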