AEM Admin Group for Editor Groups

erhn123
Level 1

Hello,

I need an admin and editor group for each subtree and these admin groups should be able to add users to the related Editor group.

For example, retail admin group users should be able to add users to the retail editor group, but they can’t add users to the corporate editor group. How can we achieve this?

The site hierarchy is as follows:

- en/retail
- en/corporate-commercial

Security groups:

- Retail Admin Group
- Retail Editor Group
- Corporate Admin Group
- Corporate Editor Group

4 Replies
Arun_Patidar
Community Advisor

Hi,

Create your groups in location say and give modify access to that location to a group only which can modify this.

Because whenever you add a member to a group, it is saved in the rep:members property of the group node.

e.g.

/home/groups/c/content-authors

erhn123
Level 1

Hi Arun,

Thanks for your reply.

I did what you said, but when I tried to add a member to the group I got the error below.

Error: javax.jcr.AccessDeniedException: OakAccess0000: Access denied

Arun_Patidar
Community Advisor

Hi,

It should work if you set the permissions correctly.

For example -

I created the author1 group at /home/groups/d/author1 and set read, create, modify for content, conf etc. (except /home, no permission to home)

Created the admin1 group and set read, create, modify and other permissions at /home/groups/d/author1 and read permission at /home/users/

(or remove read and other permissions from /home/groups/d/author2, so the admin1 user can't see author2)

I created the author2 group at /home/groups/d/author2 and set read, create, modify for content, conf etc. (except /home, no permission to home)

Created the admin2 group and set read, create, modify and other permissions at /home/groups/d/author2 and read permission at /home/users/

(or remove read and other permissions from /home/groups/d/author1, so the admin2 user can't see author1)

Make sure you have added permission for root as well; if no permission is set on root, then there would not be any effective permission.
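
The per-subtree delegation described in the reply above, written as a Sling repoinit script. This is an added example, not part of the thread: the group ids, the `/home/groups/site` intermediate path and the `/content/example-site` paths are constructed, and it assumes `rep:userManagement`, the Oak privilege that covers writes to the protected `rep:members` property, instead of the UI checkboxes named in the reply.

```repoinit
# Added example. Group ids, the intermediate path and the /content paths
# are constructed for illustration; replace them with the real site tree.
create group retail-editors with path /home/groups/site
create group retail-admins with path /home/groups/site
create group corporate-editors with path /home/groups/site
create group corporate-admins with path /home/groups/site

# Editors: author only inside their own subtree, nothing under /home.
set ACL for retail-editors
    allow jcr:read,rep:write on /content/example-site/en/retail
end

set ACL for corporate-editors
    allow jcr:read,rep:write on /content/example-site/en/corporate-commercial
end

# Delegated admins: change membership of their own editor group only.
# home(<id>) resolves to the group's node, so the entry does not depend
# on where the repository placed it.
# jcr:read on /home/users lets the admin resolve the user being added.
set ACL for retail-admins
    allow jcr:read on /home/users
    allow jcr:read,rep:userManagement on home(retail-editors)
end

set ACL for corporate-admins
    allow jcr:read on /home/users
    allow jcr:read,rep:userManagement on home(corporate-editors)
end
```

No entry is written for the other site's editor group, so the separation holds only while the admin groups do not inherit access to it through another group membership. Check the effective permissions of a test user in each admin group before relying on it.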