Expand my Community achievements bar.

SOLVED

Allow certain users of a group to access only fewer content, in AEM as a cloud service

Avatar

Level 3

Hi all,

 

I have created certain users and now I want  that users can view only certain pages of my project.

I want to know what are the permissions I require for the same.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

You can create a group and add those users in that group with read only permission( group level) to required pages.

Ref: 

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-g...

 

Himanshu Jain

View solution in original post

4 Replies

Avatar

Correct answer by
Community Advisor

You can create a group and add those users in that group with read only permission( group level) to required pages.

Ref: 

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-g...

 

Himanshu Jain

Avatar

Community Advisor

@janhavi_singh You can refer to the document https://www.theaemmaven.com/post/configuring-author-access-on-aemaacs-instances

It has detailed steps to configure the custom group and map it to the IMS groups. 

It also covers the details about the steps to create the groups via repo-init scripts under the section "Creating the Group With Repository Initialization (repoinit)"

Sample for it is:

# this group will have as one of its members, the IMS group.
create group mysite-authors with forced path /home/groups/mysite
set properties on authorizable(mysite-authors)/profile
    set givenName to \"My Site Authors\"
    set aboutMe to \"The bridge between IMS and AEM local groups.\"
end

# these are OOTB groups that do not exist in buildImages pipeline step
create group content-authors
create group dam-users

# add our local group to the OOTB groups used as baseline
add mysite-authors to group content-authors
add mysite-authors to group dam-users

# set ACL for our local group
set ACL for mysite-authors
    deny crx:replicate,rep:write on /content
    allow crx:replicate,rep:write on /content/mysite
    allow crx:replicate,rep:write on /content/dam/mysite
end

 

Thanks

Avatar

Employee

Hi @janhavi_singh,

Please check the following documentation links to learn how to define AEM groups and permissions and how they work in concert with Adobe IMS abstractions to provide seamless and customizable access to AEM. AEMaaCS builds on Adobe IMS users, user groups, and product profiles in order to provide users customizable access to AEM.

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-g...

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/overview.ht...

 

Thanks!!

 

 

Avatar

Level 4

@janhavi_singh  : Create a new group with 'Contributor' as base group . You may want to choose any other ootb group too based on your need.This would give basic permissions on all paths like /apps , /var etc. Do a deny jcr:all on the main content root project path e.g. /content/<project> and then selectively give jcr:read on the page paths where you want to give read access. Once the group is created assign the users to this new group. Below is an example where I selectively gave read access to certain dam folders. Hope this helps. And like Shailesh also mentioned, you can either do this manually or through repo init script as part of your code base initial setup.

Screenshot 2022-06-21 at 6.25.12 PM.png