Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
Learn More
SOLVED

Access control inheritance issue

Avatar

Former Community Member
10/15/15 7:26:23 PM

Hi,

I was setting up users permissions using ACLSetup class. I am using the allow;jcr:read;production-users;/content format. I have to restrict access of some pages to a particular group but have to leave rest of the pages editable for that group. All the pages are sub pages of the parent home page. I thought of providing jcr:all access to the parent home page and then restricting access to the sub pages and setup the rules for that in AclSetup. However, if i give more permissions to the parent page they are being inherited. I tried reversing the order of permission in ACL with no luck.

  1. When you set allow or deny permission on a given node then 3 scenarios are possible:
    1. if the same ACE (Access Control Entry) is being inherited from a parent node and no matching ACE already exists on the node then nothing will be done.
    2. if the same ACE is being inherited from a parent node and a matching ACE is already defined on that path then it will be removed.
    3. if the same ACE is not being inherited from a parent node then the ACE will be created for that node.''

I can setup permissions for individual section of the website but it will be a long task and any section added in future will require change to the ACL file. 

Any help will be appreciated.

Views

656

Replies

3

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:23 PM

Hi Kumarlal123,

Use glob pattern.

Thanks,

Sham

View solution in original post

Views

598

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:23 PM

Hi Kumarlal123,

Use glob pattern.

Thanks,

Sham

Views

599

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Former Community Member
10/15/15 7:26:23 PM

Sham HC wrote...

Hi Kumarlal123,

Use glob pattern.

Thanks,

Sham

 

Hi Sham,

Can glob pattern be used in AclSetup file as well. I looked on google and all i could find was how to do that programatically. If yes, can you please illustrate the pattern? 

Also will the subnodes always inherit permission from the parent node? because if that's the case we will have to redesign the page hierarchy.

Thanks

Views

424

Replies

0

Total Likes

Translate
Translate

Avatar

Former Community Member
10/15/15 7:26:23 PM

kumarlal123 wrote...

Sham HC wrote...

 

Well, i have been able to work out the permission for sub pages but glob pattern is still a mystery. Sub page do not necessarily need to inherit the permission of the parent node.

Views

442

Replies

0

Total Likes

Translate
Translate
Related Conversations
How to access aem API for outside user . Solved

Views

98

Likes

0

Replies

3
Adobe Real-Time CDP Business Practitioner Professional AD0-E602 Exam - Issue to finding authentic resources Solved

Views

104

Like

1

Replies

5
multidomain configuration issue Solved

Views

172

Likes

0

Replies

6
what sort of access/profile do I need so I can add custom domains/manage pipelines in AEMaaCS? Solved

Views

216

Likes

0

Replies

8
Facing Issue with rewrite rule asked by our client Solved

Views

140

Likes

0

Replies

3