Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!

Mark Solution

This conversation has been locked.

Controlling access to CRXDE - based on user permissions

Avatar

sekhar1712
Level 1

3/17/23

Description - Need an option to disable access or grant access to CRXDE for a group 

Why is this feature important to you - Since there is no way a group of users is restricted to have access to CRXDE, with the available previleges users are able to edit content/configuration nodes using CRXDE and there by interfering with the default structure that should never be touched, also users are in a position to update some properties like resourceType using CRXDE.

How would you like the feature to work - We should have a ACL control at group level to grant/deny permissions for a set of users to access CRXDE.

Current Behaviour - Currently the CRXDE is available to everyone and user are able to update the content or node for which they can access. 

2 Comments

Avatar

ShaileshBassi
Community Advisor

4/5/23

hi @sekhar1712 

For enabling and disabling the access to crxde you can refer to the documentation i.e. https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/enabling-crxde-...

 

If it is just the nodes can be seen by the authors, but the authors should not be able to make any change. It can be achieve with the help of certain set of permissions applied.

 

By default there is only the read permission granted to the users, which does not allow the permission to edit, modify or delete anything for that specific user.

 

Now grant the authors only the permission required for the respective content. For granting the permission it is always recommended to have multiple groups based on the business requirement so that maintainability is easy at the later stage.

 

Examples for RepoInit:

# Create a group
create group test
create group my-site-admin
set ACL for my-site-admin
    allow crx:replicate, jcr:lockManagement, jcr:versionManagement, rep:write on /content/my-site
end

# Add group members
add my-site-admin to group test
Reply
Related Conversations
Add polls and survey to the experience league

Views

625

Like

1

Replies

1
Remove tasks from Workload Balancer when user has indicated that that they are Done with my part

Views

612

Likes

3

Replies

0
Ability to extract more than 50,000 rows of data from Analytics Workspace

Views

634

Likes

2

Replies

0
Adding option for users to mark a question/discussion/idea as favorite in Experience League Portal

Views

1.1K

Likes

3

Replies

5
Bookmark or save-for-later icon for questions/blogs, etc. on the community pages

Views

627

Like

1

Replies

0