SOLVED
Allow certain users of a group to access only fewer content, in AEM as a cloud service
@janhavi_singh You can refer to the document https://www.theaemmaven.com/post/configuring-author-access-on-aemaacs-instances
It has detailed steps to configure the custom group and map it to the IMS groups.
It also covers the details about the steps to create the groups via repo-init scripts under the section "Creating the Group With Repository Initialization (repoinit)"
Sample for it is:
# this group will have as one of its members, the IMS group.
create group mysite-authors with forced path /home/groups/mysite
set properties on authorizable(mysite-authors)/profile
set givenName to \"My Site Authors\"
set aboutMe to \"The bridge between IMS and AEM local groups.\"
end
# these are OOTB groups that do not exist in buildImages pipeline step
create group content-authors
create group dam-users
# add our local group to the OOTB groups used as baseline
add mysite-authors to group content-authors
add mysite-authors to group dam-users
# set ACL for our local group
set ACL for mysite-authors
deny crx:replicate,rep:write on /content
allow crx:replicate,rep:write on /content/mysite
allow crx:replicate,rep:write on /content/dam/mysite
end
Thanks
@janhavi_singh : Create a new group with 'Contributor' as base group . You may want to choose any other ootb group too based on your need.This would give basic permissions on all paths like /apps , /var etc. Do a deny jcr:all on the main content root project path e.g. /content/<project> and then selectively give jcr:read on the page paths where you want to give read access. Once the group is created assign the users to this new group. Below is an example where I selectively gave read access to certain dam folders. Hope this helps. And like Shailesh also mentioned, you can either do this manually or through repo init script as part of your code base initial setup.
