ACL Permission - Editor Level - Edit existing content - Prevent add or remove content | Community
Skip to main content
T
tcline
Level 2
March 23, 2023
Solved

ACL Permission - Editor Level - Edit existing content - Prevent add or remove content

  • March 23, 2023
  • 1 reply
  • 1499 views

Hello Friends,

 

What I am trying to accomplish: I am attempting to create an "Editor" access level in AEM Sites 6.5*. This level would have permission to edit text/components/content within a path they are given access but not add new components nor delete components. I've searched the internet, this forum, but nothing has pointed me in the right direction.

 

What I have done: I have been approaching this with an ACL - demonstrated in the below screenshot. I have a root path where the ACL is applied, and below that root page are child pages with no additional ACL applied.

 

What worked: I  succeeded in accomplishing this for all of the child pages within a given content path. An "editor" is able to modify text/components/content on child pages but receive an error if they attempt to add/delete a component from the page. This is acceptable to me.

 

What didn't work: The root page where my ACL is applied allows an "editor" to add/remove components from the page in addition to the desired edit capability. 

 

What I have tried: Modifying the glob/permissions below, but no combination achieves my desired result. I either end up with no access to edit anything, full access to add/remove, or, parent full access and child edit access.

 

Below is the ACL I have setup that ALMOST works.

 

 

Any insight or guidance anyone may have would be greatly appreciated.

 

Thanks,

 

Tom.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by tcline

@arunpatidar  - Thanks! It didn't exactly have the answer, but it slowed me down enough to think about the problem more! The solution may not be ideal but does seem to work for our scenarios.

 

Solution:

 

Create an editor group, give "modify" access to the desired path, then create two ACL deny rules for jcr:removeNode, jcr:addChildNodes, with the following restrictions: rep:glob="/*/jcr:content/*" and rep:glob="/jcr:content/*"

 

 

 

 

 

 Outcome: The result is the user in the editor group only being able to edit existing components on the page but being prevented from adding or removing any components.


Tom.

 

1 reply

arunpatidar
Community Advisor
arunpatidarCommunity Advisor
Community Advisor
March 24, 2023

Can you please check if this helps?

https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html 

Arun Patidar
    T
    tclineAuthorAccepted solution
    Level 2
    April 5, 2023

    @arunpatidar  - Thanks! It didn't exactly have the answer, but it slowed me down enough to think about the problem more! The solution may not be ideal but does seem to work for our scenarios.

     

    Solution:

     

    Create an editor group, give "modify" access to the desired path, then create two ACL deny rules for jcr:removeNode, jcr:addChildNodes, with the following restrictions: rep:glob="/*/jcr:content/*" and rep:glob="/jcr:content/*"

     

     

     

     

     

     Outcome: The result is the user in the editor group only being able to edit existing components on the page but being prevented from adding or removing any components.


    Tom.

     

      Terms & ConditionsAccessibility statement

      Loading footer...