Allowing access to Page Property tab of a particular template to a particular group only. | Community
Skip to main content
Adobe Champion
November 2, 2015
Solved

Allowing access to Page Property tab of a particular template to a particular group only.

  • November 2, 2015
  • 5 replies
  • 3419 views

Hi All ,

I have a particular template A , Corresponding to this template I have a page property tab in dialog say B . I want that fields in this tab B should only be edited by a particular group C . For implementing this there are few ways like ACL permissions , java class called on dialog load content and doing functionality . 

But while doing ACL , I want to make it editable only for a particular group C and not any other group . Can anyone suggest it's implementation if done or any other inputs .

Thanks,

Deepak

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by aanchal-sikka

 

Use rep:glob to achieve the requirements.

  • Create a generic group that provides READ-ONLY permission on properties defined in Tab-B.
  • Add all groups that should have read-only access on Tab-B to this group/

This will assure, that even if Group D has higher access on top-level nodes, combination with rep:glob with restrict it on those specific properties.

While group-C can continue to edit the properties on Tab-B

 

 

5 replies

Sham_HC
Level 10
November 2, 2015

using crxdelight acl tab provide permission to node of tab b to group c.

Adobe Champion
November 2, 2015

Hi Sham ,

First point is I want this permission only to a group c , so if I check parent level ACL's automatically it is allowed .

Suppose I have a group D in which also all ACL's author check , in this case I unchecked ACL permission below tab still was able to edit that tab , so not sure why ACL did'nt worked in this case .

Thanks,

Deepak

Adobe Champion
November 3, 2015

Sham HC wrote...

using crxdelight acl tab provide permission to node of tab b to group c.

 

Hi Sham ,

Thanks for your inputs , this will work and permission will be assigned of that node of tab b to group c .

But what is happening is , suppose I have a group D having all permissions , now I do not want to give access to node of tab b to this group D , so either by crxde lite or useradmin I am not giving access to this group by unchecking permissions of write , modify , create below this node .But , when I am opening page properties still I am able to edit that node of tab despite unchecking the permissions . Kindly let me know what I have done wrong or any inputs for the same i.e I don't want to edit node of tab for a group D having all permissions .

Thanks,

Deepak

aanchal-sikka
Community Advisor
aanchal-sikkaCommunity AdvisorAccepted solution
Community Advisor
December 15, 2023

 

Use rep:glob to achieve the requirements.

  • Create a generic group that provides READ-ONLY permission on properties defined in Tab-B.
  • Add all groups that should have read-only access on Tab-B to this group/

This will assure, that even if Group D has higher access on top-level nodes, combination with rep:glob with restrict it on those specific properties.

While group-C can continue to edit the properties on Tab-B

 

 

Aanchal Sikka
Ben_Peter
November 3, 2015

Hi Deepak,

don't use the AEM Permissions UI for that, use CRX DE Light by all means: ACEs are evaluated in order, so you probably want a deny-read for a group that contains *all* authors first, and then the allow-read for group D. (the group for the deny depends on your setup, in terms of ootb groups, it would probably be contributers)

Cheers
Ben

Adobe Champion
November 5, 2015

Hi Ben ,

Thanks for your response , I have 2 questions , need your inputs/response for the same .

1. After using crxde for a particular node , you are telling to first deny-read for a group that contains all authors first , which authors you are telling about ? Is it all groups apart from one group which I need to allow , so for all other groups I need to deny manually first ? Then you are saying to allow for a particlar group D . Since , I will be doing by crxde so do I have to always make it a part of build to proceed as with each fresh build  permission nodes of crxde will be removed . 

2.  Since this "component/tab" is at "/apps" level and suppose I have to delete this permission nodes on some condition whether checkbox to allow for other groups , then if I delete this node it will be for all instances of "component/tab" and  not for that particular instance of "component/tab" . Any idea or inputs to approach this .?

Thanks,

Deepak