In AEM Assets 6.2, how can a user create a collection that is private to only themselves unless they choose to share with other users?
At the stages of creating a collection, I have the "add User" option where I can grant users editor, owner or viewer permissions. Even if I don't give anyone else viewer permission, I find every user can see my collection. I would assume not giving access to other users would prevent anyone from seeing the collection.
In my instance, users are granted read, create, modify level permissions to content/dam/collections. I found this level of access means that they see all collections created by every user. I found granting read to collections was necessary. If I don't give the user read level access but give them modify and create to content/dam/collections, then they cannot see their own collections. How can I configure my user permissions so that other users don't see all collections but a user can create a collection?
From what I have seen, OOB whenever a collection is created it creates rep:policy with deny all. So users should not be able to see a collection created by another user unless it's shared. You can check if there is any custom rep:policy added under /content/dam/collections with rep:glob /*; if so, you can remove that to achieve your requirement.
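The check suggested in the reply above, sketched as an added example that is not part of the original thread: it scans a JSON dump of the rep:policy node under /content/dam/collections for allow entries restricted with rep:glob /*. The JSON shape (Oak ACL node types as child objects) and the group name dam-users are assumptions; the sample data is constructed.

```python
import json

# Constructed sample, not taken from the thread: the JSON shape a dump of
# /content/dam/collections/rep:policy is assumed to have, using Oak's ACL
# node types. "dam-users" is a hypothetical group name.
SAMPLE_POLICY = json.loads("""
{
  "jcr:primaryType": "rep:ACL",
  "allow0": {
    "jcr:primaryType": "rep:GrantACE",
    "rep:principalName": "dam-users",
    "rep:privileges": ["jcr:read", "rep:write"]
  },
  "allow1": {
    "jcr:primaryType": "rep:GrantACE",
    "rep:principalName": "dam-users",
    "rep:privileges": ["jcr:read"],
    "rep:restrictions": {
      "jcr:primaryType": "rep:Restrictions",
      "rep:glob": "/*"
    }
  },
  "deny2": {
    "jcr:primaryType": "rep:DenyACE",
    "rep:principalName": "everyone",
    "rep:privileges": "jcr:all",
    "rep:restrictions": {"jcr:primaryType": "rep:Restrictions", "rep:glob": "/*"}
  }
}
""")

def find_glob_grants(policy, glob="/*"):
    """Return allow entries whose rep:glob restriction equals `glob`."""
    findings = []
    for name, ace in policy.items():
        # Skip plain properties (jcr:primaryType) and deny entries.
        if not isinstance(ace, dict) or ace.get("jcr:primaryType") != "rep:GrantACE":
            continue
        restrictions = ace.get("rep:restrictions") or {}
        if restrictions.get("rep:glob") != glob:
            continue
        privs = ace.get("rep:privileges", [])
        if isinstance(privs, str):  # a single-valued property may dump as a string
            privs = [privs]
        findings.append((name, ace.get("rep:principalName"), sorted(privs)))
    return findings

if __name__ == "__main__":
    for name, principal, privs in find_glob_grants(SAMPLE_POLICY):
        print(f"{name}: {principal} is granted {', '.join(privs)} with rep:glob /*")
```

Each entry it reports is a candidate for the custom policy the reply describes; the unrestricted allow and the deny entry in the sample are left alone.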
After reading this discussion, I am still not clear if this question was answered:
How can I configure my user permissions so that other users don't see all collections but a user can create a collection?
In our situation, we are multi-tenant 6.4.1 - and currently all (non-private) collections new and existing are visible to all AEM authors. We want to set up permissions so that only people of a particular group, or business unit can see new and existing within their respective teams, but not all in the repository.
Thank you for the answer. After more testing, it does deny the user any new collections being created, it just grants access to preexisting collections. I found that since /content/dam/collections had read, it would naturally grant read to all existing collections under content/dam/collections. This occurs whenever I make a new user group now. I have to then deny any already existing collections from this user group. This clearly isn't sustainable going forward as our number of collections grows so I still must not be doing something right...
Although with this setup I can't figure out why users can't share collections with each other. I have granted read to home/users but that doesn't seem to be enough permission.