Access to Add an Annotation but no access to Edit a Page

Thomas_H77

21-03-2019

Since the current OOTB functionality when modifying user and group permissions does not allow anything more granular than Modify or No Modify access to a page is there any other mechanism to set the permissions in this manner?

Allow Access:  Add/modify/delete annotations on a page

Remove Access:  Edit a page

Thanks

Answers (2)

Answers (2)

Thomas_H77

22-03-2019

Garurav thank you pointing me to that post, I must have missed it when searching the forums before.  By adding the following permissions as outlined in that article I could edit and delete existing annotations but I wasn't able to create new ones because the cq:annotations node didn't exist yet.

I was able to fix this by adding the following permission.  I can now create the annotations as well with my test account but not edit the elements on the page which is what I was looking for.

Elements Added Per Article

{

   "jcr:primaryType":"rep:ACL",

   "allow":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "jcr:read"

      ]

   },

   "allow13":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:glob":"/*/cq:annotations"

      }

   },

   "allow14":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:glob":"/*/cq:annotations/*"

      }

   },

   "allow15":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "cq:lastModified"

         ]

      }

   },

   "allow16":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "cq:lastModifiedBy"

         ]

      }

   },

   "allow17":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "jcr:lastModified"

         ]

      }

   },

   "allow18":{

      "jcr:primaryType":"rep:GrantACE",

      "rep:principalName":"annotations-group-example",

      "rep:privileges":[

         "rep:write"

      ],

      "rep:restrictions":{

         "jcr:primaryType":"rep:Restrictions",

         "rep:itemNames":[

            "jcr:lastModifiedBy"

         ]

      }

   }

}

Item Added to Allow Creation of the cq:annotations Node

- Allow Access

- Advanced: jcr:AddChildNodes

- Restrictions/rep:glob:  ​/*/*