SOLVED
AEM Authorizations
1 Accepted Solution
Correct answer by
Hi
This is Jorg Hoh's reply:-
On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.
So, as a recommendation: Do not try to implement component-based security. Because you will run into problems you need to handle:
* Maintaining ACLs on components (no UI available for this ootb)
* The editmode is not built to handle write-protected components.
I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.
But,
I have read an article "Using Components as Boilerplates"
//
When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.
To use a component as boilerplate content, perform the following three tasks:
- To set up boilerplate content, create an instance of the component and reference it from multiple pages.
- To limit who can edit the component content, apply an ACL to the component instance.
- To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.
For ease of implementation and maintenance, the two types of users should belong to different user groups:
- Authors who cannot edit boilerplate content.
- Senior authors or editors who edit boilerplate content.
Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing
I hope this can help you.
Thanks and Regards
Kautuk Sahni
Kautuk Sahni
Correct answer by
Hi
This is Jorg Hoh's reply:-
On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ5 itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.
So, as a recommendation: Do not try to implement component-based security. Because you will run into problems you need to handle:
* Maintaining ACLs on components (no UI available for this ootb)
* The editmode is not built to handle write-protected components.
I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.
But,
I have read an article "Using Components as Boilerplates"
//
When multiple authors develop content for large or multiple related web sites, it is often desirable to limit authors' ability to edit specific components on a page. For example, most authors should not be able to change boilerplate text that appears on multiple pages. However, senior authors or editors must be able to edit the text. Furthermore, authors must be able to edit other, non-boilerplate components on the same page.
To use a component as boilerplate content, perform the following three tasks:
- To set up boilerplate content, create an instance of the component and reference it from multiple pages.
- To limit who can edit the component content, apply an ACL to the component instance.
- To provide an effective authoring experience, prevent the opening of the compoent's editing dialog box.
For ease of implementation and maintenance, the two types of users should belong to different user groups:
- Authors who cannot edit boilerplate content.
- Senior authors or editors who edit boilerplate content.
Link:- https://docs.adobe.com/content/docs/en/cq/5-6-1/developing/boilerplates.html#Preventing
I hope this can help you.
Thanks and Regards
Kautuk Sahni
Kautuk Sahni
Related Conversations
