I need an admin and editor group for each subtree and these admin groups should be able to add users to the related Editor group.
For example retail admin group users should be able to add users to retail editor group but they can’t add users to the corporate editor group. How can we achieve this?
The site hierarchy as follows;
- Retail Admin Group
- Retail Editor Group
- Corporate Admin Group
- Corporate Editor Group
Create your groups in location say and give modify access to that location to a group only which can modify this.
Because whenever you add a member to group it saves at rep:memebers property of group node.
Thanks for your reply.
I did what you said but when I tried to add member into group I got error on below.
Error: javax.jcr.AccessDeniedException: OakAccess0000: Access denied
It should work if you set the permissions correctly.
For example -
I created author1 group at /home/groups/d/author1 and set read, create, modify for content, conf etc (except /home, no permission to home)
Created admin1 group and set read, create, modify and other permission at /home/groups/d/author1 and read permisison at /home/users/
(or remove read and other permission from /home/groups/d/author2 , so admin1 user can't see author2)
I created author2 group at /home/groups/d/author2 and set read, create, modify for content, conf etc (except /home, no permission to home)
Created admin2 group and set read, create, modify and other permission at /home/groups/d/author2 and read permisison at /home/users/
(or remove read and other permission from /home/groups/d/author1 , so admin2 user can't see author1)
Make sure you have added permission for root as well, if no permission is set to root then their would not be any effective permission.