
ACLs To Use


Level 7

Hi,

Name of my application is apln.

It is spread across: 1. /apps/apln, 2. /etc/designs/apln, 3. /content/apln, 4. /content/dam/apln

Please confirm my understanding of ACL requirements for the following roles:

Author: Creates a new page and adds content. If the page does not come out well, deletes and recreates.

Reviewer: Just reviews the page and forwards or rejects.

Approver: Just reads and rejects or publishes.

---------------------------------------------------------------------

Author: Read on 1,2 and Read, Modify, Create and Delete on 1,2,3 and 4

Reviewer: Read on 1,2,3 and 4

Approver: Read on 1,2,3 and 4 and Replicate on 3,4.

I also read that all these should belong to workflow-users group.

Appreciate your help.

Thanks,

Rama.

20 Replies


Level 10

This looks reasonable:

  • Author: Read on 1,2 and Read, Modify, Create and Delete on 1,2,3 and 4
  • Reviewer: Read on 1,2,3 and 4
  • Approver: Read on 1,2,3 and 4 and Replicate on 3,4.


Level 7

Of course, read on the /libs folder for access to the consoles, especially the INBOX.

Like this, is there anything I have missed?

Thanks,

Rama.


Level 9

What about /etc/cloudservices?

I would recommend that the Author should have at least read access from the repository root, just to avoid so much maintenance.

Jitendra


Level 7

Hi Jitendra,

In my Development Author, /etc/cloudservices is blank, probably because I have not configured any cloud services.

In Production, the security restrictions may not allow read access to author for / (root) and we may be forced to allow access to the folders selectively based on our requirement.

But this is a very useful pointer: If we have some cloud services configured, then Author should be offered read access to /etc/cloudservices.

In fact, I have been looking for such pointers.

As I pointed out, the generic info on security was defined, but it would be very useful to derive some case studies like this.

There is a group workflowusers in 5.6; I see that group in 6.1 as well, but it is not highlighted as much as in 5.6.

Is it still required that workflow users should be a part of this group?

Also, do you think that the ACLs we have defined so far for author, reviewer and approver are fine?

I will try these in a day and post the results anyway.

Appreciate your help.

Thanks,

Rama.


Level 9

Is it still required that workflow users should be a part of this group?

Hard to suggest anything on this. You might have to compare workflowusers in different versions. That's all I can think of.

Do you think that the ACLs we have defined so far for author, reviewer and approver are fine?

Yes, this looks fine to me. And, as you know, ACL is a never-ending process. You will be adding/removing users and their permissions. It's the best agile trick: you get feedback, you improve it. So, don't worry.

Jitendra


Level 7

Hi all,

Created user auth with the following ACLs, plus /libs (for console access). Logged in as user auth.

Author:

  • Read: 1. /apps/emitra, 2. /etc/designs/emitra
  • Read, Modify, Create, Delete: 1. /apps/emitra, 2. /etc/designs/emitra, 3. /content/emitra, 4. /content/dam/emitra

I was expecting to see emitra (my apln) in the Websites console, so that I would create content underneath it, but it is blank. (S1.docx)

I attached screen shots for the acls in S2.docx, S3.docx and S4.docx.

Kindly help.

I appreciate your support.

Thanks,

Rama.


Level 7

Hi,

I selected 4 files earlier and none was attached.

I consolidated all of the screen shots in to S1.docx and PFA the same.

Meanwhile I will try /system. For jcr:system, I guess that I should use another tool like explorer.

Appreciate your help.

Thanks,

Rama.


Level 7

Hi all,

I assigned read, modify, create, delete privileges to the auth user on the /system folder, but the result is the same.

Please suggest how to assign privileges to /jcr:system? I see this folder in CRX Lite, but not in AEM Security screen.

I really need Adobe support here, as I need to deliver ACLs with Workflow by the EOD today.

Appreciate all your support.

Thanks,

Rama.


Level 9

Oh, sorry. That's my bad. You can't set permissions for /jcr:system. It inherits from the root.

Jitendra


Level 10

How are you assigning these ACLs? Firstly, I would like to do this step by step.

Create a user, assign it to the OOB 'content-authors' group and see if you achieve what you need. If this works, then you can create a replica of the 'content-authors' group and remove ACLs for all other application folders.

Similarly, try for Approver and Reviewer as well!

Note: I cannot see any of your attachments!


Level 7

Hi all,

Basically I need to know how to surmount the problem of Step Back in Workflow step.

In my case Author creates the page and triggers Workflow and it goes to Reviewer.

So, Reviewer is the first step in the workflow.

Is that why it says so?

Even then, it could go back to the WF initiator (author), right?

Thanks, Rama Krishna (Rama).


Level 7

Hi,

No one has time to address this issue?

We, the implementers of AEM, need Adobe support at all times!

Thanks,

Rama.


Level 9

Have you provided access on /libs? FYI: all the console code is under /libs.

I guess read access should also be given on /system.

Jitendra


Level 9

Just checking, do you have read access to the following things:

  • /etc/tags/
  • /etc/msm/
  • /etc/clientlibs/
  • /etc/designs
  • /etc/clientContext
  • /etc/segmentation

Also, check if there is any exception in browser console.

Jitendra


Level 6

Hi guys,

There are many folders/files which need to be fine-tuned to get all the consoles, JS and CSS to work.

As per my suggestion, provide read access at the / root level, save it, and then navigate the /app, /content and /etc folders as per your requirement. I have done it the same way and it is working fine.

Needs read permission:

  • /etc/clientlibs
  • /etc/clientcontext

Needs RWCD permission:

  • /etc/tags/
  • /etc/designs
  • /etc/clientContext

/etc/segmentation, /etc/mcm: depends on the campaigns in your project.

Please check this and let us know.


Level 7

Hi Gokul,

Provided read access at the / root level and it started working, without the MCD permissions on tags, designs and clientcontext (they had read already).

1. Generally in Production, do they allow read access at the / root level? In my case I am not sure that they will allow this.

2. Does it mean author is able to see the whole repository? AEM may have multiple sites and why an author for a specific site needs read access to all sites?

Is there a way to condense them to only the site in question?

3. Generally these permissions are hierarchical, meaning if we select a folder, all its subfolders are selected. But in the case of /, this behavior does not seem to exist. Any idea?

4. Please examine the Reviewer and Approver permissions I detailed in my original query and suggest any changes asap.

I need to deliver workflow with acls for author, reviewer and approver today and highly appreciate all your help.

Thanks,

Rama.


Level 6

Hi Rama,

You can provide read access at the root / level and then fine-tune your /app and /content by removing the read permission for unwanted folders, and save it.

So that the user can log in but is not able to see the entire repository.

As per my understanding, provide RWCD permission to:

  • /app/<PN>
  • /etc/tags/<PN> # if tags are used
  • /etc/designs/<PN>
  • /content/<PN> # access to users for specific content
  • /etc/segmentation and /content/campaigns # if your project needs it

Please create a group with this permission setup and just map the users to that group. Please don't provide permissions at the user level.
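To make the "read at the root, then remove read from the unwanted folders" approach above concrete, and to answer Rama's earlier question of whether an author's view can be condensed to one site, here is an added Python model of how a JCR repository evaluates an access control list. It is an illustration written for this thread, not AEM's or Oak's own code or API; it assumes a simplified rule set (entries are searched from the target node up to the root, the closest node with a decision wins, later entries on the same node override earlier ones, and everything else is denied). The group names apln-authors, apln-reviewers and apln-approvers, the users auth, rev and app, and the path /content/othersite are constructed for the example.

```python
# Simplified model of JCR/Oak access-control evaluation, written as an
# illustration for this thread. It is NOT AEM's real permission code:
# the evaluation rule below is an assumption chosen to show the effect of
# "allow read at /, deny read on unwanted subtrees, allow again on your site".
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry: allow or deny privileges to a group at a path."""
    path: str
    principal: str          # group name (constructed, e.g. "apln-authors")
    allow: bool
    privileges: frozenset


READ = frozenset({"read"})
RMCD = frozenset({"read", "modify", "create", "delete"})   # "RWCD" in the thread
READ_REPLICATE = frozenset({"read", "replicate"})

# Constructed ACL following the role matrix discussed in the thread.
ACL = [
    # Authors: read from the root so /libs (consoles, Inbox) works...
    Ace("/", "apln-authors", True, READ),
    # ...then take read away from everything under /content (other sites)...
    Ace("/content", "apln-authors", False, READ),
    # ...and hand it back, with write rights, only for this application.
    Ace("/content/apln", "apln-authors", True, RMCD),
    Ace("/content/dam/apln", "apln-authors", True, RMCD),
    Ace("/apps/apln", "apln-authors", True, RMCD),
    Ace("/etc/designs/apln", "apln-authors", True, RMCD),
    # Reviewers: read only.
    Ace("/", "apln-reviewers", True, READ),
    # Approvers: read everywhere, replicate on the site content and assets.
    Ace("/", "apln-approvers", True, READ),
    Ace("/content/apln", "apln-approvers", True, READ_REPLICATE),
    Ace("/content/dam/apln", "apln-approvers", True, READ_REPLICATE),
]

# Constructed group memberships; rights are granted to groups, never to users.
MEMBERS = {
    "auth": {"apln-authors", "workflow-users"},
    "rev": {"apln-reviewers", "workflow-users"},
    "app": {"apln-approvers", "workflow-users"},
}


def ancestors(path):
    """Yield path, its parent, its grandparent, ... ending with '/'."""
    yield path
    while path != "/":
        path = path.rsplit("/", 1)[0] or "/"
        yield path


def effective(acl, principals, path, privilege):
    """True if any group in `principals` is allowed `privilege` on `path`.

    Assumed rule: walk from the target node toward the root; at each node the
    last matching entry decides; the first node that yields a decision wins;
    no matching entry anywhere means deny.
    """
    for node in ancestors(path):
        decision = None
        for ace in acl:
            if (ace.path == node and ace.principal in principals
                    and privilege in ace.privileges):
                decision = ace.allow        # later entries override earlier ones
        if decision is not None:
            return decision
    return False


def check(user, path, privilege):
    """Evaluate one privilege for a constructed user through its groups."""
    return effective(ACL, MEMBERS[user], path, privilege)


# Constructed sample nodes standing in for the repository tree.
SAMPLE_NODES = [
    "/apps/apln", "/etc/designs/apln", "/libs/cq/core",
    "/content/apln", "/content/apln/en", "/content/dam", "/content/dam/apln",
    "/content/othersite",
]


def readable(user, nodes=SAMPLE_NODES):
    """The part of the tree this user would see in the consoles."""
    return [n for n in nodes if check(user, n, "read")]


if __name__ == "__main__":
    for user in MEMBERS:
        print(user, "can read:", readable(user))
    for user, priv in (("auth", "modify"), ("auth", "replicate"),
                       ("rev", "delete"), ("app", "replicate"), ("app", "modify")):
        print(f"{user} {priv} /content/apln/en ->", check(user, "/content/apln/en", priv))
```

Note what the sample output shows for the author: /content/othersite is hidden while /content/apln and /content/dam/apln remain usable, but /content/dam itself is also hidden because the deny sits on /content. In a real repository that means the author could not browse down to the DAM folder in the console, so the intermediate nodes (/content/dam here) need their own read allow; the same point applies to any folder that the consoles need to traverse, which is the root cause of the "blank Websites console" symptom earlier in this thread.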


Level 7

Hi all,

Created a Workflow, using the URL: http://blogs.adobe.com/learningwem/2011/11/30/cq5-4-workflow-example-approve-reject-by-the-reviewer/

I created users auth (Author) and app (Approver) with the above mentioned ACLs.

Logged in as auth, created a page, authored it and triggered workflow.

Logged in as app and saw the task in the Inbox.

I am able to complete the task and as per the flow, the page is published.

But when I selected "Step Back" button, it displays "There are no items that can step back.".

Somehow, the ACLs required for hitting "Complete" button look to be different from those of "Step Back" button.

Or I might have wrongly configured the workflow.

Any ideas?

Appreciate your help.

Thanks,

Rama.


Level 10

It's possible you cannot step back in this workflow. However, I do not believe there is an additional permission to step back, so it's not an ACL issue. However, I will confirm.