In AEM Assets 6.2, how can a user create a collection that is private to only themselves unless they choose to share with other users?
At the stages of creating a collection, I have the "add User" option where I can grant users editor, owner or viewer permissions. Even if I don't give anyone else viewer permission, I find every user can see my collection. I would assume not giving access to other users would prevent anyone from seeing the collection.
In my instance, users are granted read, create, modify level permissions to content/dam/collections. I found this level of access means that they see all collections created by every user. I found granting read to collections was necessary. If I don't give the user read level access but give them modify and create to content/dam/collections, then they cannot see their own collections. How can I configure my user permissions so that other users don't see all collections but a user can create a collection?
From what I have seen, OOB whenever a collection is created it creates rep:policy with deny all. So users should not be able to see a collection created by another user unless it's shared. You can check if there is any custom rep:policy added under /content/dam/collections with rep:glob /*; if so, you can remove that to achieve your requirement.
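One way to run the check suggested in the answer above, as an added example that is not part of the original thread: the script walks a JSON dump of /content/dam/collections and lists allow entries set on the root node with rep:glob /*. The sample tree, its principal and collection names are constructed, and the layout (rep:GrantACE entries with a rep:restrictions child holding rep:glob) is an assumption about how the dump represents the ACL nodes.

```python
import json

ROOT = "/content/dam/collections"

# Constructed sample: a JSON dump of the collections root including its
# access-control child nodes. Principal and collection names are made up.
SAMPLE = json.loads("""
{
  "rep:policy": {
    "allow0": {
      "jcr:primaryType": "rep:GrantACE",
      "rep:principalName": "example-authors",
      "rep:privileges": ["jcr:read"],
      "rep:restrictions": {"jcr:primaryType": "rep:Restrictions", "rep:glob": "/*"}
    }
  },
  "example-collection": {
    "rep:policy": {
      "deny0": {"jcr:primaryType": "rep:DenyACE", "rep:principalName": "everyone", "rep:privileges": ["jcr:all"]},
      "allow1": {"jcr:primaryType": "rep:GrantACE", "rep:principalName": "example-owner", "rep:privileges": ["jcr:all"]}
    }
  }
}
""")

def find_grants(node, path=ROOT):
    """Yield (path, principal, privileges, glob) for each allow entry in the tree."""
    for name, child in node.items():
        if not isinstance(child, dict):
            continue  # plain property, not a child node
        if name == "rep:policy":
            for ace in child.values():
                if isinstance(ace, dict) and ace.get("jcr:primaryType") == "rep:GrantACE":
                    glob = ace.get("rep:restrictions", {}).get("rep:glob")
                    yield path, ace["rep:principalName"], ace["rep:privileges"], glob
        else:
            yield from find_grants(child, f"{path}/{name}")

def root_glob_grants(tree, glob="/*"):
    """Allow entries set on the collections root itself with the given rep:glob."""
    return [g for g in find_grants(tree) if g[0] == ROOT and g[3] == glob]

if __name__ == "__main__":
    for path, principal, privileges, glob in root_glob_grants(SAMPLE):
        print(f"{path}: allow {privileges} for {principal} with rep:glob {glob}")
```

Entries it reports are the candidates to review or remove; per-collection grants such as the owner's are listed by `find_grants` but not flagged.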
After reading this discussion, I am still not clear if this question was answered:
How can I configure my user permissions so that other users don't see all collections but a user can create a collection?
In our situation, we are multi-tenant 6.4.1, and currently all (non-private) collections new and existing are visible to all AEM authors. We want to set up permissions so that only people of a particular group, or business unit can see new and existing within their respective teams, but not all in the repository.
*the same is true for Projects!
Read permission on home/users should be sufficient to see and share with users.
Can you check rep:policy for the /content/dam/collections node? For reference, you can check the dam-users group permission.
Thank you for the answer. After more testing, it does deny the user any new collections being created, it just grants access to preexisting collections. I found that since /content/dam/collections had read, it would naturally grant read to all existing collections under content/dam/collections. This occurs whenever I make a new user group now. I have to then deny any already existing collections from this user group. This clearly isn't sustainable going forward as our number of collections grows so I still must not be doing something right...
Although with this setup I can't figure out why users can't share collections with each other. I have granted read to home/users but that doesn't seem to be enough permission.