Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list
See the List & Register
SOLVED

Restricting Groups that a User can be added to

Avatar

Level 3
Level 3
‎15-10-2015 19:30 PDT

We are trying to allow a user/group to create new users, but only as a member of certain groups.  We have multiple "brand" super user groups.  Each "brand" super user should only be allowed to add a new user to groups for their brand. With our current configuration, the group assignment works properly for existing users, but I am unable to create new users.  The way we have the permissions set up under home is the following:

~/home - Allow Read

~/home/groups - Allow Read(applies to all child nodes as well)

~home/groups/e/everyone - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - not sure if this is necessary, but added it since adding a user is not working and all users are members of the everyone group

~home/groups/t/testbrand-group - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - this is test group that we want to be able to add other users to

~home/users - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate

What permission am I missing that will allow new users to be created?

Views

438

Replies

1

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
‎15-10-2015 19:30 PDT

At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

View solution in original post

Views

404

Replies

0

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Level 10
Level 10
‎15-10-2015 19:30 PDT

At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

Views

405

Replies

0

Total Likes

Translate
Translate
Jump to reply

The ultimate experience is back.

Join us in Vegas to build skills, learn from the world's top brands, and be inspired.

Register Now