AEM Authorizations | Community
Skip to main content
N
nsvsrk
Level 8
December 3, 2015
Solved

AEM Authorizations

  • December 3, 2015
  • 5 replies
  • 1760 views

Hi all,

I have an AEM web page, with 4 different sections.

The authors for these individual sections are different.

How does the admin offer access to different users (authors) on different sections?

As far I know, it is done at a page level and not below it (within the page.)

Appreciate your responses.

Thanks,

Rama.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by kautuk_sahni

Hi

This is Jorg Hoh's reply:-

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

But, 

I have read an article "Using Components as Boilerplates"

//

When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.

To use a component as boilerplate content, perform the following three tasks:

  • To set up boilerplate content, create an instance of the component and reference it from multiple pages.
  • To limit who can edit the component content, apply an ACL to the component instance.
  • To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.

For ease of implementation and maintenance, the two types of users should belong to different user groups:

  • Authors who cannot edit boilerplate content.
  • Senior authors or editors who edit boilerplate content.

Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing

 

I hope this can help you.

 

Thanks and Regards

Kautuk Sahni

5 replies

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
December 3, 2015

Hi,

Well, AEM does provide ACL (access control) at lower levels as well. However, you have set permission for the group not for the individual users.

For more details : https://docs.adobe.com/docs/en/aem/6-1/administer/security/security.html

--

jitendra

N
nsvsrkAuthor
Level 8
December 3, 2015

Hi Jitendra,

Thanks for your reply.

Could you please point me specifically to the areas of documentation that describes how to offer access to anyone to only some sections of a web page?

My understanding is that the User Admin and ACLs are matrix like structures for web pages.

Thanks,

Rama.

smacdonald2008
smacdonald2008
Level 10
December 3, 2015

You cannot set ACL permissions to individual sections on a page. You set them at the node level - which is the page. HEre is an older community thread that talks about this. 

kautuk_sahni
Community Manager
kautuk_sahniCommunity ManagerAccepted solution
Community Manager
December 4, 2015

Hi

This is Jorg Hoh's reply:-

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

But, 

I have read an article "Using Components as Boilerplates"

//

When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.

To use a component as boilerplate content, perform the following three tasks:

  • To set up boilerplate content, create an instance of the component and reference it from multiple pages.
  • To limit who can edit the component content, apply an ACL to the component instance.
  • To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.

For ease of implementation and maintenance, the two types of users should belong to different user groups:

  • Authors who cannot edit boilerplate content.
  • Senior authors or editors who edit boilerplate content.

Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing

 

I hope this can help you.

 

Thanks and Regards

Kautuk Sahni

Kautuk Sahni
N
nsvsrkAuthor
Level 8
December 7, 2015

Thanks a lot to all who replied.

Now I got a very clear idea on this subject.

Thanks,

Rama.

Terms & ConditionsAccessibility statement

Loading footer...