Expand my Community achievements bar.

SOLVED

AEM User/Group permissions

Avatar

Level 1

We use AEM DAM cloud service. I would like to limit users in the DAM to only view, download, share. 

 

I have two questions on this topic:

 

1. Does anyone know best practice on how to clean up your Groups? We have a ton of groups; some have 50 users, and some have 1 user. 

 

2. How do you edit Group and User permissions? 

    -I tried going to Tools>Security>Groups> Clicking on a Group but all that shows me is what members are in there. I was hoping it would allow me to edit a group to view/read only access.  

 

Thanks!

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 8

create groups  for view, download, and share in Adobe Cloud Admin console/profile and map these groups to the instance level for OOTB Group User permissions based on the view, download, and share. 

Do a try run with sample users, once successful , delete all users from instance level and let them flow via  groups created in Adobe Cloud Admin console/profile

View solution in original post

2 Replies

Avatar

Employee

Hi Megha ,

First you can use user group exported to check your user group mapping nd decide which groups you need to clean up

https://adobe-consulting-services.github.io/acs-aem-commons/features/exporters/users/index.html

 

Second, once you know what groups need clean up m write a Groovy script or java servlet to clean this group . You can have all groups to be cleaned in an excel perhaps and read those user group nodes and delete them.

 

On permissions - in cloud tools->security->Permissions -  . Select group on left rail and it will show permissions.

Screenshot 2024-08-21 at 2.31.02 PM.png

Avatar

Correct answer by
Level 8

create groups  for view, download, and share in Adobe Cloud Admin console/profile and map these groups to the instance level for OOTB Group User permissions based on the view, download, and share. 

Do a try run with sample users, once successful , delete all users from instance level and let them flow via  groups created in Adobe Cloud Admin console/profile