Sitecore: When to use UserSwitcher vs SecurityDisabler

Security Disabler will override all security. All security checks will be skipped and code will run unfettered.
It is good for use during prototyping as you can skip creating of a restricted service account.

1
2
3
4
    using (new SecurityDisabler())
    {
        // code here has elevated security priviledges. No access check performed.
    }

UserSwitcher allows a segment of code to run under a specific user instead of current context user
Good for use in production code as it is reduces the attack surface exposure and is much safer.

1
2
3
4
    using (new UserSwitcher(@"sitecore\RestrictedServiceAccount"))
    {
        // code here has security priviledges of the RestrictedServiceAccount.
    }