Expand my Community achievements bar.

Adobe Summit 2025: AEM Session Recordings Are Live! Missed a session or want to revisit your favorites? Watch the latest recordings now.
Watch Now!

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Access to Add an Annotation but no access to Edit a Page

Avatar

Level 3
Level 3
3/21/19 10:27:47 AM

Since the current OOTB functionality when modifying user and group permissions does not allow anything more granular than Modify or No Modify access to a page is there any other mechanism to set the permissions in this manner?

Allow Access:  Add/modify/delete annotations on a page

Remove Access:  Edit a page

Thanks

Views

1.5K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
3/21/19 10:53:52 AM

check - Re: Enhancements to AEM to support restricted user permissions

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Level 10
Level 10
3/21/19 10:53:52 AM

check - Re: Enhancements to AEM to support restricted user permissions

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
3/22/19 6:43:51 AM

Garurav thank you pointing me to that post, I must have missed it when searching the forums before.  By adding the following permissions as outlined in that article I could edit and delete existing annotations but I wasn't able to create new ones because the cq:annotations node didn't exist yet.

I was able to fix this by adding the following permission.  I can now create the annotations as well with my test account but not edit the elements on the page which is what I was looking for.

Elements Added Per Article

{

   "jcr:primaryType":"rep:ACL",

   "allow":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "jcr:read"

      ]

   },

   "allow13":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:glob":"/*/cq:annotations"

      }

   },

   "allow14":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:glob":"/*/cq:annotations/*"

      }

   },

   "allow15":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "cq:lastModified"

         ]

      }

   },

   "allow16":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "cq:lastModifiedBy"

         ]

      }

   },

   "allow17":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "jcr:lastModified"

         ]

      }

   },

   "allow18":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "jcr:lastModifiedBy"

         ]

      }

   }

}

Item Added to Allow Creation of the cq:annotations Node

- Allow Access

- Advanced: jcr:AddChildNodes

- Restrictions/rep:glob:  ​/*/*

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
3/22/19 6:48:49 AM

sounds good!

Views

1.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Page property issue Solved

Views

94

Likes

0

Replies

2
Load custom clientlibrary on top of the page which should be configurable Solved

Views

109

Likes

0

Replies

3
Adding an ESI component within an experience fragment doesn't work

Views

79

Likes

0

Replies

2
How to setup a local AEMaaCS instance to support SSI

Views

88

Likes

0

Replies

3
Why does creating a language copy of language-masters/en also create a copy in the global folder in AEMaaCS?

Views

92

Likes

0

Replies

3