Repository Initialization: How to set deny and allow permission for groups | Community
Prashardan
Level 4
May 20, 2024
Solved


Hi Team

I have created two new groups using the script below, but I am unable to assign permissions.

create group group1 with path /home/groups/project
add group1 to group dam-users
set properties on authorizable(group1)/profile
set givenName{String} to "Project Group1"
set aboutMe{String} to "The members of this group are allowed to create, updated and delete"
end

create group group2 with path /home/groups/project
add group2 to group dam-users
set properties on authorizable(group2)/profile
set givenName{String} to "Project Group2"
set aboutMe{String} to "The members of this group are read and replicate"
end

Group1 should create, edit and delete; however, they should not have the right to replicate content under path /content/dam/project.

Group2 should only read and replicate content under path /content/dam/project.

Please help


2 replies

aanchal-sikka
Community Advisor
May 20, 2024

@prashardan

Grp1: Extend from dam-users and use rep:glob to deny replicate.

General recommendations shared on: https://techrevel.blog/2024/03/04/aem-user-permissions-tips-for-effortless-control/

Grp2: Extend from contributors and then provide replicate permission.

Aanchal Sikka

Raja_Reddy
Community Advisor
Accepted solution
May 20, 2024

Hi @prashardan
you can use the setACL command in the script

setACL on /content/dam/project for group group1
    allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode
    deny jcr:read, rep:replicate
end
setACL on /content/dam/project for group group2
    allow jcr:read, rep:replicate
end

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-users-groups-and-permissions 
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-organizing-groups-and-assigning-permissions/ba-p/569016
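
Added example, not part of any reply in this thread: the two requirements from the question written in the `set ACL for <principal>` form of the Sling repoinit grammar, with replication controlled through AEM's `crx:replicate` privilege. The group names and the path are the ones from the question; the script assumes /content/dam/project already exists when repoinit runs, and using `rep:write` to cover "create, edit and delete" is this example's choice.

```repoinit
# Added example (not from the thread). Assumes group1 and group2 were created
# by the question's script and that /content/dam/project already exists.

# group1: read, create, edit and delete, but no replication.
# rep:write aggregates jcr:addChildNodes, jcr:modifyProperties,
# jcr:removeChildNodes, jcr:removeNode and jcr:nodeTypeManagement.
# jcr:read is listed only under allow, so the group keeps read access.
set ACL for group1
    allow jcr:read,rep:write on /content/dam/project
    deny crx:replicate on /content/dam/project
end

# group2: read and replicate only; no write privileges are granted here.
set ACL for group2
    allow jcr:read,crx:replicate on /content/dam/project
end
```

Entries written without a restriction apply to /content/dam/project and everything below it. After deployment, the resulting entries can be reviewed under the rep:policy child node of that path.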