Understanding Elevated Access for SPE
By default, an XM Cloud implementation enforces a set of security measures that limit elevated access to SPE (Sitecore PowerShell Extensions). Elevated access typically refers to higher-level permissions that allow users to perform administrative functions, such as managing configurations and changing system settings. The purpose of restricting elevated access is to maintain security, prevent unauthorized changes, and ensure that only trusted individuals can alter sensitive areas of the platform.
A Step-by-Step Guide to Enable the Elevated Access
While trying to create a new PowerShell script in my local Sitecore instance, I encountered an issue. I was expecting to see a link labeled "Elevated Session," but instead, I found "Elevated session state is blocked." I then clicked on the "Documentation" link and discovered that elevated access is blocked by default and needs to be enabled.
Blocked Access
XM Cloud has a set of variables, including SITECORE_SPE_ELEVATION, that can be used to unblock access. The possible values for this variable are Block, Confirm, and Allow, with the default value set to Block.
This variable must be added or updated in the docker-compose.override.yml file, specifically under the environment variables section of the CM service.
cm:
  image: ${REGISTRY}${COMPOSE_PROJECT_NAME}-xmcloud-cm:${VERSION:-latest}
  build:
    context: ./docker/build/cm
    args:
      PARENT_IMAGE: ${SITECORE_DOCKER_REGISTRY}sitecore-xmcloud-cm:${SITECORE_VERSION}
      TOOLS_IMAGE: ${TOOLS_IMAGE}:${SITECORE_VERSION}
  volumes:
    - ${LOCAL_DEPLOY_PATH}\platform:C:\deploy
    - ${LOCAL_DATA_PATH}\cm:C:\inetpub\wwwroot\App_Data\logs
    - ${HOST_LICENSE_FOLDER}:c:\license
  environment:
    SITECORE_SPE_ELEVATION: "Confirm"
Elevate Session
I set the variable value to "Confirm" and then ran the down and up script for the containers. It worked successfully.
Additionally, I tested using "Allow" as the value, and it removed the prompt for the Elevated Session.
cm:
  image: ${REGISTRY}${COMPOSE_PROJECT_NAME}-xmcloud-cm:${VERSION:-latest}
  build:
    context: ./docker/build/cm
    args:
      PARENT_IMAGE: ${SITECORE_DOCKER_REGISTRY}sitecore-xmcloud-cm:${SITECORE_VERSION}
      TOOLS_IMAGE: ${TOOLS_IMAGE}:${SITECORE_VERSION}
  volumes:
    - ${LOCAL_DEPLOY_PATH}\platform:C:\deploy
    - ${LOCAL_DATA_PATH}\cm:C:\inetpub\wwwroot\App_Data\logs
    - ${HOST_LICENSE_FOLDER}:c:\license
  environment:
    SITECORE_SPE_ELEVATION: "Allow"
No Prompt for Elevated Session
Final Thoughts on Enabling the Elevated Access for SPE
In summary, XM Cloud restricts elevated access for security reasons, which can impact tasks such as creating PowerShell scripts. However, using the SITECORE_SPE_ELEVATION variable, you can unblock or modify access by setting its value to “Confirm” or “Allow”, depending on the level of access needed. This process ensures that you maintain control over when and how elevated access is granted, offering flexibility for development tasks while keeping your environment secure.
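To keep a relaxed setting from being committed unnoticed, the override file can be checked before it is shared. The script below is an added example, not part of the original post or of Sitecore's tooling: it reads the text of a docker-compose.override.yml and reports the SITECORE_SPE_ELEVATION value set for the cm service, in either mapping or list form. The function names, the line-based parsing, and the policy of rejecting "Allow" are assumptions of this example.

```python
import re

VAR = "SITECORE_SPE_ELEVATION"
VALUES = ("Block", "Confirm", "Allow")  # the three values the post lists; Block is the default

def spe_elevation(compose_text, service="cm"):
    """Return the value set for VAR in <service>.environment, or None if it is not set."""
    path, found = [], None  # path: (indent, key) of the mapping keys enclosing the current line
    for raw in compose_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments (simplified)
        if not line.strip():
            continue
        indent, body = len(line) - len(line.lstrip()), line.strip()
        is_item = body.startswith("- ")
        # Leave finished blocks; a list item may sit at the same indent as its parent key.
        while path and (path[-1][0] > indent or (path[-1][0] == indent and not is_item)):
            path.pop()
        if [k for _, k in path][-2:] == [service, "environment"]:
            # Mapping form 'VAR: value' or list form '- VAR=value'.
            m = re.match(r"(?:-\s+)?[\"']?%s\s*[:=]\s*(.*)$" % VAR, body)
            if m:
                found = m.group(1).strip().strip("\"'")
        key = re.match(r"([\w.-]+):$", body)
        if key and not is_item:
            path.append((indent, key.group(1)))
    return found

def audit(compose_text, service="cm", forbid=("allow",)):
    """Return (ok, message). Rejecting 'Allow' is this example's assumed policy."""
    value = spe_elevation(compose_text, service)
    if value is None:
        return True, "%s not set; the default is Block" % VAR
    if value.casefold() not in [v.casefold() for v in VALUES]:
        return False, "%s=%r is not one of %s" % (VAR, value, "/".join(VALUES))
    if value.casefold() in forbid:
        return False, "%s=%s removes the elevation prompt" % (VAR, value)
    return True, "%s=%s" % (VAR, value)

# Constructed sample, modelled on the snippet in the post.
SAMPLE = r"""
services:
  cm:
    volumes:
      - ${HOST_LICENSE_FOLDER}:c:\license
    environment:
      SITECORE_SPE_ELEVATION: "Allow"
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass `forbid=()` to `audit` when "Allow" is acceptable for the environment being checked.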