Highlighted

Connecting to AEM Assets with Companion App using non admin User

Avatar

_Sid_

21-03-2016

I'm trying to connect to the AEM Assets server using the Companion app, however the only user that i can connect with admin/admin

Wondering how to restrict user access for creative developers while using the companion apps. 

I did create some users which could only access specific folder inside dam (works well in touch UI and CRX), but these users fail to connect using the companion app.

Replies

Highlighted

Avatar

Mark_Frisbey

21-03-2016

Hi Sid,

If the user that you're trying to connect with doesn't have access to /content/dam, then you'll need to change the URL that the companion app is using to connect.

For example, if the user only has access to /content/dam/geometrixx, then you would need to change the companion app's URL to something like http://localhost:4502/content/dam/geometrixx. How exactly you do that will differ depending on your OS, so if you need assistance changing the URL then feel free to let me know which operating system you're using and I can help further.

Highlighted

Avatar

_Sid_

21-03-2016

Thanks Mark,

 

My user initially had read only permissions on everything, ad R/W permissions only on a specific DAM folder.

This morning, as an experiment, i gave full permissions to the User on the entire CRX structure.

then the companion app was able to connect. After that i gradually removed all those permissions to find which one did the trick, but now i'm down to the original permission and my user still connects.

Looks like that one time admin privilege helped create a temp folder or profile somewhere, due to which my user connects seamlessly now.

FYI - i did not change my connection URL during these tests, since my User did have Read permissions through the /lc/content/dam structure,

I'm going to test read only use cases, and will post back if i notice any anomalies 

Highlighted

Avatar

_Sid_

22-03-2016

mark.frisbey wrote...

Hi Sid,

If the user that you're trying to connect with doesn't have access to /content/dam, then you'll need to change the URL that the companion app is using to connect.

For example, if the user only has access to /content/dam/geometrixx, then you would need to change the companion app's URL to something like http://localhost:4502/content/dam/geometrixx. How exactly you do that will differ depending on your OS, so if you need assistance changing the URL then feel free to let me know which operating system you're using and I can help further.

 

Further i found that i wasn't much about permissions, some kind of CSRF filter or other security measure kept blocking me from having multiple connections with the same user.

So i went ahead and closed all browsers where this user was logged on to AEM, and then restarted my server to clear any pending connections.

Now that this user can connect, there are still some issues ahead. The user will have Companion app as a mounted drive, so that he can browse the assets in his creative applications.

We tried in lightroom, and the user could very well se the files and import them to lightroom. however he cannot modify any files, although he can export them back as a new copy.

When i look in AEM Security, the user has Read, modify, create and delete permissions on the /content/dam/projects/demo/dev1 folder, any thoughts on that