It is recommended that the root node in a site map allow everyone access. To do this, set the roles attribute to an asterisk (*), or wildcard character, as shown in the following code example.
<?xml version="1.0" encoding="utf-8" ?>
<siteMap>
<siteMapNode title="Home" description="Home"
url="default.aspx" roles="*">
<!-- other <siteMapNode> elements -->
</siteMapNode>
</siteMap>
In a site map, you can reference URLs that are outside of your Web application. Access to a URL outside of the application cannot be tested by ASP.NET. Therefore, if you enable security trimming, the site-map node will not be visible unless you set the roles attribute to an asterisk (*), which enables all clients to view the site-map node without first testing access to the URL.