Expand my Community achievements bar.

SOLVED

Setting permissions on content fragment variations

Avatar

Level 1
Level 1
2/25/19 10:06:31 AM

Is it possible to set alternate permissions on variations within content fragments?  In my workflow, the master needs to be a "read-only" version.  Authors should be able to create and edit variations, but they can't change the master. I don't see ACLs in useradmin for the variations, just the CF itself.  Is it possible to do this?

Thanks,

Brian

Views

554

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

View solution in original post

Views

473

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

Views

474

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
2/27/19 10:08:10 AM

Thanks for the suggestion, I will look into that.

Views

478

Replies

0
Sign in to like this content

Total Likes

Translate
Translate