SOLVED

base permissions to custom group - AEM screen empty

Level 5

hi all,

I have given the below yaml config for base group but it is throwing up an empty page on /aem/start.html - Any help?

- group_config:
    - proj-base:
        path: equinix
- ace_config:
    - proj-base:
        - path: /
          permission: allow
          privileges: jcr:read
          repGlob: ""
        - path: /libs
          permission: allow
          privileges: jcr:read
        - path: /apps
          permission: allow
          privileges: jcr:read
        - path: /var
          permission: allow
          privileges: jcr:read
        - path: /etc
          permission: allow
          privileges: jcr:read
        - path: /home
          permission: allow
          privileges: jcr:read
        - path: /conf
          permission: allow
          privileges: jcr:read
          repGlob: ""
        - path: /content
          permission: allow
          privileges: jcr:read
        - path: /content/dam
          permission: allow
          privileges: jcr:read
          repGlob: ""
        - path: /content
          permission: deny
          privileges: jcr:removeNode,jcr:removeChildNodes,crx:replicate

Community Advisor

Hello @aem_noob

I guess you are trying to use Netcentric ACL Tool.

It should execute the yaml file soon after deployment. Or by triggering it manually via Security > Netcentric ACL Tool

Reference: https://blogs.perficient.com/2020/04/23/getting-started-with-the-netcentric-access-control-tool/

Also, for creating Base groups, try to reuse OOTB AEM groups like authors, contributors etc. This will ensure you have the basic permissions needed for browsing through the UI.


Aanchal Sikka

Level 5

The yaml is being executed but the console is empty. We have been asked to give allow permissions at root level to all the parent folders & not use OTB groups.

Community Advisor

These permissions are working fine for a base group as validated on a netcentric.

Do you have some other permissions as well on your YAML file?

Can you attach the logs from the server?

Level 5

- path: /content/dam/collections
  permission: allow
  privileges: jcr:write,crx:replicate
- path: /libs/dam/gui/content/reports
  permission: allow
  privileges: jcr:read
- path: /libs/dam/gui/content/nav/tools/assets/assetreports
  permission: allow
  privileges: jcr:read
- path: /libs/cq/core/content/nav/tools/security
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content/instances
  permission: allow
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content/models
  permission: deny
  privileges: jcr:read

Correct answer by
Community Advisor

@aem_noob - Please remove and re-test

- path: /libs/cq/core/content/nav/tools/security
  permission: deny
  privileges: jcr:read
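
An added example, not part of the original thread and not code from the Netcentric tool: a small Python check that lists the deny jcr:read entries sitting beneath a path where the same group is allowed jcr:read, which are the entries to remove one at a time when re-testing an empty start page. The sample entries are copied from the YAML posted in this thread; the function names are hypothetical, and the parser handles only this flat entry layout, not full YAML or Oak's actual ACL evaluation.

```python
# Constructed sample: a subset of the ACE entries posted in the thread.
SAMPLE = """
- path: /libs
  permission: allow
  privileges: jcr:read
- path: /content
  permission: deny
  privileges: jcr:removeNode,jcr:removeChildNodes,crx:replicate
- path: /libs/cq/core/content/nav/tools/security
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content/instances
  permission: allow
  privileges: jcr:read
"""

def parse_aces(text):
    """Parse flat '- path / permission / privileges' entries (assumed layout)."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):          # a dash starts a new ACE entry
            aces.append({})
            line = line[2:]
        if not aces:                       # key before any entry: ignore
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        aces[-1][key.strip()] = value.strip().strip('"')
    return aces

def is_under(child, parent):
    """True if child equals parent or lies below it in the repository tree."""
    parent = parent.rstrip("/")
    return child == parent or child.startswith(parent + "/")

def has_read(ace):
    return "jcr:read" in [p.strip() for p in ace.get("privileges", "").split(",")]

def read_deny_suspects(aces):
    """Paths where jcr:read is denied beneath a path that allows jcr:read."""
    allows = [a["path"] for a in aces if a.get("permission") == "allow" and has_read(a)]
    return [a["path"] for a in aces
            if a.get("permission") == "deny" and has_read(a)
            and any(a["path"] != p and is_under(a["path"], p) for p in allows)]

if __name__ == "__main__":
    for path in read_deny_suspects(parse_aces(SAMPLE)):
        print("deny jcr:read under an allowed subtree:", path)
```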

Community Advisor

@aem_noob

If you have a Cloud instance, you would not be able to set permissions via Netcentric on any /libs path.

For /libs, please use repo-init scripts


Aanchal Sikka

Level 5

I am able to restrict read access for various tools and options via netcentric @aanchal-sikka

Community Advisor

Thanks @aem_noob for sharing the information. Glad to know that Netcentric also works with /libs on AEMaaCS server


Aanchal Sikka

Administrator

@aem_noob Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.



Kautuk Sahni