Expand my Community achievements bar.

Mark Solution

This conversation has been locked.

Controlling access to CRXDE - based on user permissions


Level 1


Description - Need an option to disable access or grant access to CRXDE for a group 

Why is this feature important to you - Since there is no way a group of users is restricted to have access to CRXDE, with the available previleges users are able to edit content/configuration nodes using CRXDE and there by interfering with the default structure that should never be touched, also users are in a position to update some properties like resourceType using CRXDE.

How would you like the feature to work - We should have a ACL control at group level to grant/deny permissions for a set of users to access CRXDE.

Current Behaviour - Currently the CRXDE is available to everyone and user are able to update the content or node for which they can access. 



Community Advisor


hi @sekhar1712 

For enabling and disabling the access to crxde you can refer to the documentation i.e. https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/enabling-crxde-...


If it is just the nodes can be seen by the authors, but the authors should not be able to make any change. It can be achieve with the help of certain set of permissions applied.


By default there is only the read permission granted to the users, which does not allow the permission to edit, modify or delete anything for that specific user.


Now grant the authors only the permission required for the respective content. For granting the permission it is always recommended to have multiple groups based on the business requirement so that maintainability is easy at the later stage.


Examples for RepoInit:

# Create a group
create group test
create group my-site-admin
set ACL for my-site-admin
    allow crx:replicate, jcr:lockManagement, jcr:versionManagement, rep:write on /content/my-site

# Add group members
add my-site-admin to group test