How to make an assets collection private to other users



In AEM Assets 6.2,  how can a user create a collection that is private to only themselves unless they choose to share with other users?

At the stages of creating a collection, I have the "add User" option where I can grant users editor, owner or viewer permissions. Even if I don't give anyone else viewer permission, I find every user can see my collection. I would assume not giving access to other users would prevent anyone from seeing the collection.

In my instance, users are granted read, create, modify level permissions to content/dam/collections. I found this level of access means that they see all collections created by every user. I found granting read to collections was necessary. If I don't give the user read level access but give them modify and create to content/dam/collections, then they can not see their own collections. How can I configure my user permissions so that other users don't see all collections but a user can create a collection?


Accepted Solutions (1)

Accepted Solutions (1)



From what I have seen, OOB whenever a collection is created it creates rep:policy with deny all. So  users should not be able to see a collection created by another user unless its shared. You can check if there is any custom rep:policy added under /content/dam/collections with rep:glob /*, if so you can remove that to achieve your requirement.

Answers (3)

Answers (3)



After reading this discussion, I am still not clear if this question was answered:

How can I configure my user permissions so that other users don't see all collections but a user can create a collection?

In our situation, we are multi-tenant  6.4.1 - and currently all (non-private) collections new and existing are visible to all AEM authors.  We want to setup permissions so that only people of a particular group, or business unit can see new and existing within their respective teams, but not all in the repository.

*the same is true for Projects!



Read permission on home/users should be sufficient to see and share with users.

Can you check rep:policy for /content/dam/collections node ? For reference you can check dam-users group permission




Thank you for the answer. After more testing, it does deny the user any new collections being created, it just grants access to preexisting collections. I found that since /content/dam/collections had read, it would naturally grant read to all existing collections under content/dam/collections. This occurs whenever I make a new user group now. I have to then deny any already existing collections from this user group. This clearly isn't sustainable going forward as our number of collections grows so I still must not be doing something right...

Although with this set up I can't figure out why users can't share collections with each other. I have granted read to home/users but that doesn't seem to be enough permission.