Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Allowing access to Page Property tab of a particular template to a particular group only.

Avatar

Adobe Champion

Hi All ,

I have a particular template A , Corresponding to this template I have a page property tab in dialog say B . I want that fields in this tab B should only be edited by a particular group C . For implementing this there are few ways like ACL permissions , java class called on dialog load content and doing functionality . 

But while doing ACL , I want to make it editable only for a particular group C and not any other group . Can anyone suggest it's implementation if done or any other inputs .

Thanks,

Deepak

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

 

Use rep:glob to achieve the requirements.

  • Create a generic group that provides READ-ONLY permission on properties defined in Tab-B.
  • Add all groups that should have read-only access on Tab-B to this group/

This will assure, that even if Group D has higher access on top-level nodes, combination with rep:glob with restrict it on those specific properties.

While group-C can continue to edit the properties on Tab-B

 

 


Aanchal Sikka

View solution in original post

6 Replies

Avatar

Level 10

using crxdelight acl tab provide permission to node of tab b to group c.

Avatar

Adobe Champion

Hi Sham ,

First point is I want this permission only to a group c , so if I check parent level ACL's automatically it is allowed .

Suppose I have a group D in which also all ACL's author check , in this case I unchecked ACL permission below tab still was able to edit that tab , so not sure why ACL did'nt worked in this case .

Thanks,

Deepak

Avatar

Adobe Champion

Sham HC wrote...

using crxdelight acl tab provide permission to node of tab b to group c.

 

Hi Sham ,

Thanks for your inputs , this will work and permission will be assigned of that node of tab b to group c .

But what is happening is , suppose I have a group D having all permissions , now I do not want to give access to node of tab b to this group D , so either by crxde lite or useradmin I am not giving access to this group by unchecking permissions of write , modify , create below this node .But , when I am opening page properties still I am able to edit that node of tab despite unchecking the permissions . Kindly let me know what I have done wrong or any inputs for the same i.e I don't want to edit node of tab for a group D having all permissions .

Thanks,

Deepak

Avatar

Correct answer by
Community Advisor

 

Use rep:glob to achieve the requirements.

  • Create a generic group that provides READ-ONLY permission on properties defined in Tab-B.
  • Add all groups that should have read-only access on Tab-B to this group/

This will assure, that even if Group D has higher access on top-level nodes, combination with rep:glob with restrict it on those specific properties.

While group-C can continue to edit the properties on Tab-B

 

 


Aanchal Sikka

Avatar

Level 1

Hi Deepak,

don't use the AEM Permissions UI for that, use CRX DE Light by all means: ACEs are evaluated in order, so you probably want a deny-read for a group that contains *all* authors first, and then the allow-read for group D. (the group for the deny depends on your setup, in terms of ootb groups, it would probably be contributers)

Cheers
Ben

Avatar

Adobe Champion

Hi Ben ,

Thanks for your response , I have 2 questions , need your inputs/response for the same .

1. After using crxde for a particular node , you are telling to first deny-read for a group that contains all authors first , which authors you are telling about ? Is it all groups apart from one group which I need to allow , so for all other groups I need to deny manually first ? Then you are saying to allow for a particlar group D . Since , I will be doing by crxde so do I have to always make it a part of build to proceed as with each fresh build  permission nodes of crxde will be removed . 

2.  Since this "component/tab" is at "/apps" level and suppose I have to delete this permission nodes on some condition whether checkbox to allow for other groups , then if I delete this node it will be for all instances of "component/tab" and  not for that particular instance of "component/tab" . Any idea or inputs to approach this .?

Thanks,

Deepak