Allow Blueprint Rollouts Without Requiring Read Access to All Live Copies

Question

In Adobe Experience Manager (AEM), performing a rollout from a blueprint currently requires the initiating user to have at least read access to all live copies associated with that blueprint. If the user lacks access to even one unrelated or newly created live copy, the rollout operation fails—even when the user has full permissions on the blueprint and the intended target live copy.

This behavior creates significant operational challenges in large, multi-site or multi-tenant environments where:

Editors are intentionally restricted from accessing unrelated live copies
New sites are frequently added under the same blueprint
Permission models are designed to enforce strict content isolation

As a result, editors are blocked from performing legitimate rollouts, while administrators can perform the same action successfully. This forces teams to either over-provision permissions, rely on admin intervention, or introduce service-account-based workarounds, all of which increase operational risk and complexity.

Requested Enhancement:
Allow blueprint rollouts to:

Succeed based solely on permissions for the blueprint and the target live copy(s), or
Gracefully ignore live copies to which the user does not have access, or
Provide a configuration option to control this behavior at the blueprint or system level

This enhancement would greatly improve scalability, security, and usability for enterprise AEM implementations, while aligning rollout behavior with least-privilege access principles

HardikCharadva · Answer

Hello All,Can anyone face similar issue, any idea how to sort it out.In order to sort out, we had to provide editors all live copy access for rollout to work. Generally we provide read access on brand folder.We think it’s adobe bug that it’s forcing editors to have all live copies access. Please advise.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded