Access to Add an Annotation but no access to Edit a Page

Question

Since the current OOTB functionality when modifying user and group permissions does not allow anything more granular than Modify or No Modify access to a page is there any other mechanism to set the permissions in this manner?

Allow Access: Add/modify/delete annotations on a page

Remove Access: Edit a page

Thanks

Gaurav-Behl · Accepted Answer

check - Re: Enhancements to AEM to support restricted user permissions

Thomas-1977 · Answer

Garurav thank you pointing me to that post, I must have missed it when searching the forums before. By adding the following permissions as outlined in that article I could edit and delete existing annotations but I wasn't able to create new ones because the cq:annotations node didn't exist yet.

I was able to fix this by adding the following permission. I can now create the annotations as well with my test account but not edit the elements on the page which is what I was looking for.

Elements Added Per Article

{

"jcr:primaryType":"rep:ACL",

"allow":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"jcr:read"

]

},

"allow13":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:glob":"/*/cq:annotations"

}

},

"allow14":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:glob":"/*/cq:annotations/*"

}

},

"allow15":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:itemNames":[

"cq:lastModified"

]

}

},

"allow16":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:itemNames":[

"cq:lastModifiedBy"

]

}

},

"allow17":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:itemNames":[

"jcr:lastModified"

]

}

},

"allow18":{

"jcr:primaryType":"rep:GrantACE",

"rep:principalName":"annotations-group-example",

"rep:privileges":[

"rep:write"

],

"rep:restrictions":{

"jcr:primaryType":"rep:Restrictions",

"rep:itemNames":[

"jcr:lastModifiedBy"

]

}

Item Added to Allow Creation of the cq:annotations Node

- Allow Access

- Advanced: jcr:AddChildNodes

- Restrictions/rep:glob: /*/*

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded