Level 3

Solved

Allow certain users of a group to access only fewer content, in AEM as a cloud service

Forum|Forum|3 years ago
June 21, 2022
4 replies
2202 views

Hi all,

I have created certain users and now I want that users can view only certain pages of my project.

I want to know what are the permissions I require for the same.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Himanshu_Jain

You can create a group and add those users in that group with read only permission( group level) to required pages.

Ref:

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-groups-and-permissions.html?lang=en

Himanshu_Jain

Accepted solution

Community Advisor

You can create a group and add those users in that group with read only permission( group level) to required pages.

Ref:

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-groups-and-permissions.html?lang=en

Himanshu Jain

ShaileshBassi

Community Advisor

@janhavi_singh You can refer to the document https://www.theaemmaven.com/post/configuring-author-access-on-aemaacs-instances

It has detailed steps to configure the custom group and map it to the IMS groups.

It also covers the details about the steps to create the groups via repo-init scripts under the section "Creating the Group With Repository Initialization (repoinit)"

Sample for it is:

# this group will have as one of its members, the IMS group.
create group mysite-authors with forced path /home/groups/mysite
set properties on authorizable(mysite-authors)/profile
    set givenName to \"My Site Authors\"
    set aboutMe to \"The bridge between IMS and AEM local groups.\"
end

# these are OOTB groups that do not exist in buildImages pipeline step
create group content-authors
create group dam-users

# add our local group to the OOTB groups used as baseline
add mysite-authors to group content-authors
add mysite-authors to group dam-users

# set ACL for our local group
set ACL for mysite-authors
    deny crx:replicate,rep:write on /content
    allow crx:replicate,rep:write on /content/mysite
    allow crx:replicate,rep:write on /content/dam/mysite
end

Thanks

vanegi

Adobe Employee

Hi @janhavi_singh,

Please check the following documentation links to learn how to define AEM groups and permissions and how they work in concert with Adobe IMS abstractions to provide seamless and customizable access to AEM. AEMaaCS builds on Adobe IMS users, user groups, and product profiles in order to provide users customizable access to AEM.

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-groups-and-permissions.html?lang=en

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/overview.html?lang=en

Thanks!!

D

digarg17

Adobe Employee

@janhavi_singh : Create a new group with 'Contributor' as base group . You may want to choose any other ootb group too based on your need.This would give basic permissions on all paths like /apps , /var etc. Do a deny jcr:all on the main content root project path e.g. /content/<project> and then selectively give jcr:read on the page paths where you want to give read access. Once the group is created assign the users to this new group. Below is an example where I selectively gave read access to certain dam folders. Hope this helps. And like Shailesh also mentioned, you can either do this manually or through repo init script as part of your code base initial setup.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded