Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Best way to implement site that must be logged in with selective access?

carter66192615
Level 1
Level 1
‎26-11-2018 10:58 PST

I am working on implementing an internal site built on AEM 6.3.

I have a business requirement to make the site require the user to be logged in with an employee user group attached to their profile. I looked at implementing this by making all pages have the employee closed user group configured by default, so that they cannot be accessed without it. However, there are other pages within the site that have other closed user groups that are required to access the page, if they have the employee group, this allows the user to access the page even if they do not have the other groups.

So, what would be the best way to restrict access to the entire site, while still requiring specific groups on pages within the site?

Views

784

Replies

3

Total Likes

Translate
3 Replies
smacdonald2008
Level 10
Level 10
‎26-11-2018 12:25 PST

As you mentioned - you need to make user of CUG and a login component for the pages you want to secure.

We have an example article that shows how to write a login component for the entire site.

Creating a Login Component for the Experience Manager Weekend Site

In this example - the site created by the WKND tutorial is used as an example.

"However, there are other pages within the site that have other closed user groups that are required to access the page, if they have the employee group, this allows the user to access the page even if they do not have the other groups."

I am not aware of restricting users whom logged into the site from gaining access to other pages.  Are you referring to having users log into the general site and then authenticating again for more pages?

Views

705

Replies

2

Total Likes

Translate
carter66192615
Level 1
Level 1
‎26-11-2018 12:43 PST
In response to smacdonald2008

I have created a login component per the tutorial, and I have the site set up to require a login.

What I am trying to find a way to do now is to restrict users from accesssing other pages based on the groups that they have within AEM.

For example, a logged in user may be part of the 'Sales' group, so they should be able to access pages that are restricted to members of the 'Sales' group. That same user may not be a member of the 'Marketing' group, so I would not want them to be able to see/access pages that require the 'Marketing' group.

Views

705

Replies

1

Total Likes

Translate
GaneshM
Level 4
Level 4
‎26-11-2018 23:23 PST
In response to carter66192615

The best way is  ACL to restrict the access for users, go to <servername>:4502/useradmin page and create two groups as "Sales" & "Marketing" and define  ACL policies and add the respective user to those group.

For More details User Administration and Security

Thanks!

Views

705

Replies

0

Total Likes

Translate