Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Is it possible to give only create file permission and not create folder permission to a user

Avatar

Employee

Hi All,

 

I am trying to figure out to provide only create file permission and not create folder permission to a user, as the user/group should only be able to upload assets but not create folders. Any info will be helpful. Thank you.

1 Accepted Solution

Avatar

Correct answer by
Level 1

Sorry, it was my mistake, i had removed rep:write permission from the group. Now on adding the rep:write permission back , it is working as expected. Thanks.

View solution in original post

5 Replies

Avatar

Community Advisor

@user09861 You can create folder specific groups and assign permissions to that groups.

Later, assign users to these folders.

Example:

assign user for folder A to following path /content/dam/A. Assign read / modify / create / delete permissions

assign user for folder B to following path /content/dam/B. Assign read / modify / create / delete permissions

so on and so forth. 

This doesn't require any customization and the only scenario is users can create subfolders inside these folders.

 

Another way to handle this request is via approval workflows for external users like agencies/partners etc. and then assign specific permissions.  

 

Avatar

Employee

Thanks for your reply @diksha_mishra , but what my question actually meant was that, is there any way to restrict users/groups from creating folders and only uploading assets. I know that for uploading assets and creating folders we have to give "write" permission. But I want to restrict it to only assets and not folder as shown below:

user09861_0-1649675221137.png

 

Thanks

Avatar

Employee Advisor

Hi,

Welcome to Adobe Community !!


You need to apply restriction for folder creation on AEM Author, using ACL permissions.

This existing thread on AEM Sites section has detailed instructions : https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/acl-permissions-to-restric...

 

I hope this helps.

Thanks,

Vikram Gaur

Avatar

Level 1

thank you for your reply. I tried the same thing and it worked

Now the create folder is hidden for a specific group and only files are visible, but there is an issue occurring when I am trying to create files and upload assets.

 

com.adobe.granite.asset.api.AssetException: Failed to create Asset at path [/content/dam/../../../../..png]
	at com.adobe.granite.asset.core.impl.AssetManagerImpl.createAsset(AssetManagerImpl.java:78) [com.adobe.granite.asset.core:2.2.66]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createOrUpdateAsset(AssetManagerImpl.java:316) [com.day.cq.dam.cq-dam-core:5.13.376]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createOrUpdateAsset(AssetManagerImpl.java:260) [com.day.cq.dam.cq-dam-core:5.13.376]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createAsset(AssetManagerImpl.java:247) [com.day.cq.dam.cq-dam-core:5.13.376]
Caused by: javax.jcr.AccessDeniedException: Access denied.
	at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java:71) [org.apache.jackrabbit.oak-jcr:1.40.0.T20211203153857-c006959]
	at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:311) [org.apache.jackrabbit.oak-jcr:1.40.0.T20211203153857-c006959]
	at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:280) [org.apache.jackrabbit.oak-jcr:1.40.0.T20211203153857-c006959]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:209) [org.apache.jackrabbit.oak-jcr:1.40.0.T20211203153857-c006959]
	at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:112) [org.apache.jackrabbit.oak-jcr:1.40.0.T20211203153857-c006959]

I have not removed any access for creating file or dialog for this group. Any input here will be helpful. Thanks in advance.

 

Avatar

Correct answer by
Level 1

Sorry, it was my mistake, i had removed rep:write permission from the group. Now on adding the rep:write permission back , it is working as expected. Thanks.