Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

AEM Authorizations

Avatar

Level 7

Hi all,

I have an AEM web page, with 4 different sections.

The authors for these individual sections are different.

How does the admin offer access to different users (authors) on different sections?

As far I know, it is done at a page level and not below it (within the page.)

Appreciate your responses.

Thanks,

Rama.

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi

This is Jorg Hoh's reply:-

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

But, 

I have read an article "Using Components as Boilerplates"

//

When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.

To use a component as boilerplate content, perform the following three tasks:

  • To set up boilerplate content, create an instance of the component and reference it from multiple pages.
  • To limit who can edit the component content, apply an ACL to the component instance.
  • To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.

For ease of implementation and maintenance, the two types of users should belong to different user groups:

  • Authors who cannot edit boilerplate content.
  • Senior authors or editors who edit boilerplate content.

Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing

 

I hope this can help you.

 

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

View solution in original post

5 Replies

Avatar

Level 9

Hi,

Well, AEM does provide ACL (access control) at lower levels as well. However, you have set permission for the group not for the individual users.

For more details : https://docs.adobe.com/docs/en/aem/6-1/administer/security/security.html

--

jitendra

Avatar

Level 7

Hi Jitendra,

Thanks for your reply.

Could you please point me specifically to the areas of documentation that describes how to offer access to anyone to only some sections of a web page?

My understanding is that the User Admin and ACLs are matrix like structures for web pages.

Thanks,

Rama.

Avatar

Level 10

You cannot set ACL permissions to individual sections on a page. You set them at the node level - which is the page. HEre is an older community thread that talks about this. 

Avatar

Correct answer by
Administrator

Hi

This is Jorg Hoh's reply:-

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

But, 

I have read an article "Using Components as Boilerplates"

//

When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.

To use a component as boilerplate content, perform the following three tasks:

  • To set up boilerplate content, create an instance of the component and reference it from multiple pages.
  • To limit who can edit the component content, apply an ACL to the component instance.
  • To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.

For ease of implementation and maintenance, the two types of users should belong to different user groups:

  • Authors who cannot edit boilerplate content.
  • Senior authors or editors who edit boilerplate content.

Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing

 

I hope this can help you.

 

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

Avatar

Level 7

Thanks a lot to all who replied.

Now I got a very clear idea on this subject.

Thanks,

Rama.