Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Assets: Granular permissions to protect source content

Avatar

Level 1
Level 1
8/6/18 6:39:52 AM

Hi,

I have a client use case where Rights Managed content will be in Assets.  The client wants to flag the content with a Boolean metadata, when has rights =YES, they want to restrict users from accessing the source(originally uploaded file like a PSD), will display a "request asset" button that will trigger a workflow to fulfill the request. But still be able to download a watermarked FPO version. As far as I can tell if you have access to the node you have access to everything in it. This permission overall would be based on user groups. so Admins, librarians would not have this restriction.

This is one of a number of workflows that I see being able to leverage permissions within a node, as this Assets implementation will house master/production ready sources, that have rights and other restrictions like date based usage. Anyone out there have a solution?

Thanks!

Views

447

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
8/6/18 11:11:39 PM

So if we translate this requirement into technical terms, would it be sufficient to say that "the ability to read the original rendition should be based on a specific boolean property on the asset metadata"?

I haven't implemented it, but for me it seems, that you can build something along this requirement based on the example of the custom Oak restriction provider [1]. It's not a perfect 100% match, but it comes close enough to justify a test.

[1] https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

View solution in original post

Views

383

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee Advisor
Employee Advisor
8/6/18 11:11:39 PM

So if we translate this requirement into technical terms, would it be sufficient to say that "the ability to read the original rendition should be based on a specific boolean property on the asset metadata"?

I haven't implemented it, but for me it seems, that you can build something along this requirement based on the example of the custom Oak restriction provider [1]. It's not a perfect 100% match, but it comes close enough to justify a test.

[1] https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

Views

384

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
I want to disable the delete copy move and all the other options for the child components Solved

Views

134

Likes

0

Replies

5
How to propagate template code changes to sites using that template

Views

58

Likes

0

Replies

3
how to implement nonce for Content-Security-Policy script-src directive in dispatcher

Views

64

Likes

0

Replies

1
Sharing common data to multiple features in Tab component

Views

185

Likes

0

Replies

11
Ability to preview or thumbnail to preview for XF

Views

70

Likes

0

Replies

2