AEM6.1 Minimum Permissions for allowing a new user to access and use AEM Assets - Minimum permissions for DAM User

Level 2

Hello Friends,

I am trying to create a set of users that will be only using AEM Assets in 6.1.

To test and try this out, I created a new group 'dam-test-group'. Then I created a user 'dam-test-user' and added 'dam-test-user' to 'dam-test-group'.

Then I logged out from the Admin account and tried to log in as dam-test-user with the user ID and password I had created.

But the login isn't successful.

Then I realized that this is correct behavior, as I hadn't given any permissions to the 'dam-test-group'. To see what permissions I should give, I logged in as admin again and had a look at the 'dam-users' user-group. Now this group has a lot of boxes checked.

I was wondering if someone could point me to what is the minimum set of permissions I should provide this user-group for allowing access to DAM/Assets.

Here is what I thought I could do:

A) Give a minimum set of permissions to the user-group. But I'm not sure what the minimum is that it would need.

B) Just add my 'dam-test-group' to the OOTB 'dam-users' group. But my concern is, would this OOTB 'dam-users' group be available if AEM is set up with nosamplecontent?

Thanks in advance for your help and guidance.

5 Replies

Level 10

Answer to B: Yes, it would be present, as nosamplecontent will only remove default projects.

Before answering A, I just wanted to know what all those DAM users should be able to do, for example only read files, or read and modify, etc.

Level 2

Hi @edubey,

Thanks for your response. 

A) Let's say any DAM operation, be it Read, Modify, Create, Delete & Replicate.

B) If the OOTB dam-users group stays even when AEM is installed with nosamplecontent, then that means AEM keeps it there for a purpose. Do you think it is a standard practice in your project experience, to create new users and just add them to OOTB user-groups like dam-users, authors etc?

Thanks

RS

Level 10

1) Make sure all these are checked for your group in which you are adding users.

2) If there exists a group with the same permissions you need, then you should use the existing one; else create a new one.

Give permissions to the group, not to users.

Level 2

Hi @eDubey,

Thanks. 

Quoting you here "make sure all these are checked"...Which all should be checked? All Read, Modify, Create, Delete & Replicate for "WHICH" node? Only content/dam?

Because I did that and the problem in login still happens. See below snapshot. I have checked all boxes for ONLY the content/dam node.

Then I looked at the OOTB dam-users group. It has Read permissions on many other nodes also. See below:

So my question is, is this the Minimum set of permissions that a DAM user should have?

So if I take option A) from above, creating my user-group and giving permissions myself, I would have to drill down at each node and see up to what level deep the Read permissions have been given for the dam-users group and do the same for my group. Shouldn't there be an easier way than this? Which makes me think, maybe creating a new user-group and adding it to the dam-users group IS THE STANDARD way by which this is done across other projects as well.

So I wanted to know if anyone has experience creating such a group and how they do it usually.

Level 10

Do the following and let me know how it goes:

1. Create a test user and don't give any permissions to it.

2. Add the test user to the dam-users group, which is already present in AEM.

3. Go to the test user, and under the group tab you should see two groups, everyone and dam-users.

4. Now log in with this user.

It worked for me in AEM 6.1...