Hi,
Name of my application is apln.
It is spread across: 1. /apps/apln, 2. /etc/designs/apln 3. /content/apln 4. /content/dam/apln
Please confirm my understanding of ACL requirements for the following roles:
Author: Creates a new page and adds content. If the page does not come out well, deletes and recreates.
Reviewer: Just reviews the page and forwards or rejects.
Approver: Just reads and rejects or Publishes.
---------------------------------------------------------------------
Author: Read on 1,2 and Read, Modify, Create and Delete on 1,2,3 and 4
Reviewer: Read on 1,2,3 and 4
Approver: Read on 1,2,3 and 4 and Replicate on 3,4.
I also read that all these should belong to workflow-users group.
Appreciate your help.
Thanks,
Rama.
This looks reasonable -
Of course, read on /libs folder for access to consoles, especially INBOX.
Like this, is there anything I missed?
Thanks,
Rama.
What about /etc/
I would recommend that Author should have at least read access from the repository root. Just to avoid so much maintenance.
Jitendra
Hi Jitendra,
In my Development Author, /etc/cloudservices is blank, probably because I have not configured any cloud services.
In Production, the security restrictions may not allow read access to author for / (root) and we may be forced to allow access to the folders selectively based on our requirement.
But this is a very useful pointer: If we have some cloud services configured, then Author should be offered read access to /etc/cloudservices.
In fact, I have been looking for such pointers.
As I pointed out, the generic info on security was defined, but it would be very useful to derive some case studies like this.
There is a group workflowusers in 5.6, but I see that group in 6.1, but no highlighting about it as much as in 5.6.
Is it still required that workflow users should be a part of this group?
Also, do you think that the ACLs we have defined so far for author, reviewer and approver are fine?
I will try these in a day and post the results anyway.
Appreciate your help.
Thanks,
Rama.
Is it still required that workflow users should be a part of this group?
Hard to suggest anything on this. You might have to compare
Do you think that the
Yes, this looks fine to me
Jitendra
Hi all,
Created user auth with the following ACLs, plus /libs (for console access). Logged in as user auth.
Author | Read | 1. /apps/emitra , 2. /etc/designs/emitra |
Read, Modify, Create, Delete | 1. /apps/emitra, 2. /etc/designs/emitra 3. /content/emitra 4. /content/dam/emitra |
I was expecting to see emitra (my apln) in the Websites console, so that I would create content underneath it, but it is blank. (S1.docx)
I attached screen shots for the acls in S2.docx, S3.docx and S4.docx.
Kindly help.
I appreciate your support.
Thanks,
Rama.
Attachment?
Hi,
I selected 4 files earlier and none was attached.
I consolidated all of the screen shots into S1.docx and PFA the same.
Meanwhile I will try /system. For jcr:system, I guess that I should use another tool like explorer.
Appreciate your help.
Thanks,
Rama.
Hi all,
I assigned read, modify, create, delete privileges to auth user on /system folder, but the result is the same.
Please suggest how to assign privileges to /jcr:system? I see this folder in CRX Lite, but not in AEM Security screen.
I really need Adobe support here, as I need to deliver ACLs with Workflow by the EOD today.
Appreciate all your support.
Thanks,
Rama.
Oh Sorry. That's my bad. You can't permission for /
Jitendra
How are you assigning these ACLs? Firstly, I would like to do this step by step.
Create a User and assign it to the OOB 'content-authors' group and see if you achieve what you need. If this works, then you can create a replica of the 'content-authors' group and remove ACLs for all other application folders.
Similarly, try for Approver and Reviewer as well!
Note: I cannot see any of your attachments!
Hi all,
Basically I need to know how to surmount the problem of Step Back in Workflow step.
In my case Author creates the page and triggers Workflow and it goes to Reviewer.
So, Reviewer is the first step in the workflow.
Is that why it says so?
Even then, it could go to the WF initiator (author) right?
Thanks, Rama Krishna. (Rama)
Hi,
No one has time to address this issue?
We, the implementers of AEM, need Adobe support at all times!
Thanks,
Rama.
Have you provided access on libs? FYI: Every console's code is under libs.
I guess Read access should also be given on /system
Jitendra
Just checking, do you have read access to the following things:
Also, check if there is any exception in the browser console.
Jitendra
Hi Guys,
There need to be many folders/files which need to be fine-tuned to get all the consoles, js and css to work.
As per my suggestion, provide read access to / root level, save it and then navigate the /app /content /etc folders as per your requirement. I have done it in the same way and it is working fine.
/etc/clientlibs, /etc/clientcontext: need read permission.
/etc/segmentation, /etc/mcm: depend on campaigns in your project.
Please check this and let us know.
Hi Gokul,
I provided read access to / root level and it started working without the MCD permissions to tags, designs and clientcontext. (They had read already).
1. Generally in Production, do they allow read access to / root level ? In my case I am not sure that they will allow this.
2. Does it mean author is able to see the whole repository? AEM may have multiple sites and why an author for a specific site needs read access to all sites?
Is there a way to condense them to only the site in question?
3. Generally these permissions are hierarchical, meaning if we select a folder, all its subfolders are selected. But in the case of /, this behavior does not seem to exist. Any idea?
4. Please examine Reviewer and Approver permissions I detailed in my original query and suggest any changes asap.
I need to deliver workflow with acls for author, reviewer and approver today and highly appreciate all your help.
Thanks,
Rama.
Hi Rama,
You can provide read access to root / level and then fine tune your /app /content by removing the read permission for unwanted folders and save it.
So that the user can log in but is not able to see the entire repository.
As per my understanding, provide RWCD permission to
/app/<PN>
/etc/tags/<PN> # if tags are used
/etc/designs/<PN>
/content/<PN> # access to users for specific content
/etc/segmentation and /content/campaigns # if your project needs it.
Please create a Group with this permission setup and just map the users to that group. Please don't provide permissions at User level.
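An added example, not part of any post in this thread and not AEM code: a simplified Python model of the approach in the reply above (read on /, deny read on unwanted folders, RWCD on the application's paths), used to audit what the author group ends up able to read. It assumes the entry on the deepest matching path decides and anything unmatched is denied, which simplifies the repository's real evaluation; /content/othersite, /apps/othersite and /content/newsite are constructed paths.

```python
from dataclasses import dataclass

READ = frozenset({"read"})
RWCD = frozenset({"read", "modify", "create", "delete"})

# Application paths taken from the thread (apln is the poster's application).
APP_PATHS = ["/apps/apln", "/etc/tags/apln", "/etc/designs/apln",
             "/content/apln", "/content/dam/apln"]


@dataclass(frozen=True)
class Ace:
    path: str
    allow: bool
    privileges: frozenset


def is_under(node, root):
    """True if node is root itself or a descendant of it."""
    return root == "/" or node == root or node.startswith(root + "/")


def can(aces, node, privilege):
    """Assumed rule: the deepest matching entry decides; default is deny."""
    best = None
    for ace in aces:
        if privilege in ace.privileges and is_under(node, ace.path):
            if best is None or len(ace.path) >= len(best.path):
                best = ace
    return bool(best and best.allow)


def root_read_policy(denied):
    """Read on /, explicit deny on other sites, RWCD on the app's own paths."""
    aces = [Ace("/", True, READ)]
    aces += [Ace(p, False, READ) for p in denied]
    aces += [Ace(p, True, RWCD) for p in APP_PATHS]
    return aces


def audit(aces, probes):
    """Map each probe path to whether the group can read it."""
    return {p: can(aces, p, "read") for p in probes}


if __name__ == "__main__":
    policy = root_read_policy(["/content/othersite", "/apps/othersite"])
    probes = ["/libs/cq/core", "/content/apln/en", "/content/othersite/en",
              "/content/newsite/en"]  # newsite: a site added after the denies
    for path, readable in audit(policy, probes).items():
        print(f"{'READ' if readable else 'deny'}  {path}")
```

In this model a site created after the deny entries were written (/content/newsite) is readable by default, so the deny list has to be reviewed whenever a new site is added.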
Hi all,
Created a Workflow, using the URL: http://blogs.adobe.com/learningwem/2011/11/30/cq5-4-workflow-example-approve-reject-by-the-reviewer/
I created users auth (Author) and app (Approver) with the above mentioned ACLs.
Logged in as auth, created a page, authored it and triggered workflow.
Logged in as app and saw the task in the Inbox.
I am able to complete the task and as per the flow, the page is published.
But when I selected "Step Back" button, it displays "There are no items that can step back.".
Somehow, the ACLs required for hitting "Complete" button look to be different from those of "Step Back" button.
Or I might have wrongly configured the workflow.
Any ideas?
Appreciate your help.
Thanks,
Rama.
It's possible you cannot step back in this workflow. However, I do not believe there is an additional permission to step back. So it's not an ACL issue. However, I will confirm.