SOLVED

ACL Permission - Editor Level - Edit existing content - Prevent add or remove content


Hello Friends,

 

What I am trying to accomplish: I am attempting to create an "Editor" access level in AEM Sites 6.5*. This level would have permission to edit text/components/content within a path they are given access to, but not add new components or delete components. I've searched the internet and this forum, but nothing has pointed me in the right direction.

 

What I have done: I have been approaching this with an ACL - demonstrated in the below screenshot. I have a root path where the ACL is applied, and below that root page are child pages with no additional ACL applied.

 

What worked: I succeeded in accomplishing this for all of the child pages within a given content path. An "editor" is able to modify text/components/content on child pages but receives an error if they attempt to add/delete a component from the page. This is acceptable to me.

 

What didn't work: The root page where my ACL is applied allows an "editor" to add/remove components from the page in addition to the desired edit capability. 

 

What I have tried: Modifying the glob/permissions below, but no combination achieves my desired result. I either end up with no access to edit anything, full access to add/remove, or, parent full access and child edit access.

 

Below is the ACL I have set up that ALMOST works.

 

ACL.png

 

Any insight or guidance anyone may have would be greatly appreciated.

 

Thanks,

 

Tom.

1 Accepted Solution


@arunpatidar - Thanks! It didn't exactly have the answer, but it slowed me down enough to think about the problem more! The solution may not be ideal but does seem to work for our scenarios.

 

Solution:

 

Create an editor group, give "modify" access to the desired path, then create two ACL deny rules for jcr:removeNode, jcr:addChildNodes, with the following restrictions: rep:glob="/*/jcr:content/*" and rep:glob="/jcr:content/*"

 

tcline_1-1680715348647.png

Outcome: The result is the user in the editor group only being able to edit existing components on the page but being prevented from adding or removing any components.


Tom.
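
The two rep:glob restrictions from the answer above, checked against sample node paths. This is an added example, not part of the original post. It uses a simplified model of Oak's rep:glob matching (assumption: the pattern is the ACL path plus the glob, and `*` matches any run of characters including `/`); `/content/site` and the page names are constructed.

```python
import re

# Deny restrictions taken from the accepted answer.
DENY_GLOBS = ["/*/jcr:content/*", "/jcr:content/*"]


def glob_matches(acl_path, glob, target):
    """Simplified model of Oak's rep:glob (assumption): the pattern is
    acl_path + glob, and '*' matches any run of characters, '/' included."""
    pattern = acl_path.rstrip("/") + glob
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, target) is not None


def matching_globs(acl_path, target, globs=DENY_GLOBS):
    """Return the deny globs whose restriction covers the target node."""
    return [g for g in globs if glob_matches(acl_path, g, target)]


# Constructed sample tree; /content/site is a hypothetical page carrying the ACL.
ACL_PATH = "/content/site"
SAMPLES = [
    "/content/site",                                       # page node with the ACL
    "/content/site/jcr:content",                           # its content node
    "/content/site/jcr:content/root/text",                 # component on that page
    "/content/site/page-a",                                # child page node
    "/content/site/page-a/jcr:content/root/text",          # component on a child page
    "/content/site/page-a/page-b/jcr:content/root/image",  # component two levels down
]

if __name__ == "__main__":
    for path in SAMPLES:
        hits = matching_globs(ACL_PATH, path)
        verdict = "deny via " + ", ".join(hits) if hits else "no deny entry applies"
        print(f"{path:52} {verdict}")
```

In this model `/*/jcr:content/*` never matches components on the page that carries the ACL, because it requires at least one path segment between the ACL path and `jcr:content`; `/jcr:content/*` covers that page.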

 
