Highlighted

AEM Admin Group for Editor Groups

Avatar

Avatar

erhn123

Avatar

erhn123

erhn123

24-06-2019

Hello,

I need an admin and editor group for each subtree and these admin groups should be able to add users to the related Editor group.

For example retail admin group users should be able to add users to retail editor group but they can’t add users to the corporate editor group. How can we achieve this?

The site hierarchy as follows;

-          en/retail

-          en/corporate-commercial

Security groups;

-          Retail Admin Group

-          Retail Editor Group

-          Corporate Admin Group

-          Corporate Editor Group

Replies

Highlighted

Avatar

Avatar

hamidk92094312

Employee

Avatar

hamidk92094312

Employee

hamidk92094312
Employee

24-06-2019

You may use AEM roles to achieve what you are looking for:

Adobe Experience Manager Help | Creating and configuring roles

Highlighted

Avatar

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831
Arun_Patidar
MVP

24-06-2019

Hi,

Create your groups in location say and give modify access to that location to a group only which can modify this.

Because whenever you add a member to group it saves at rep:memebers property of group node.

e.g.

/home/groups/c/content-authors

Highlighted

Avatar

Avatar

erhn123

Avatar

erhn123

erhn123

24-06-2019

Hi Arun,

Thanks for your reply.

I did what you said but when I tried to add member into group I got error on below.

Error: javax.jcr.AccessDeniedException: OakAccess0000: Access denied

Highlighted

Avatar

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831
Arun_Patidar
MVP

25-06-2019

HI,

It should work if you set the permissions correctly.

For example -

I created author1 group at /home/groups/d/author1 and set read, create, modify for content, conf etc (except /home, no permission to home)

Created admin1 group and set read, create, modify and other permission at /home/groups/d/author1 and read permisison at  /home/users/

(or remove read and other permission from /home/groups/d/author2 , so admin1 user can't see author2)

I created author2 group at /home/groups/d/author2 and set read, create, modify for content, conf etc (except /home, no permission to home)

Created admin2 group and set read, create, modify and other permission at /home/groups/d/author2 and read permisison at  /home/users/

(or remove read and other permission from /home/groups/d/author1 , so admin2 user can't see author1)

Make sure you have added permission for root as well, if no permission is set to root then their would not be any effective permission.