Hi,
I have a requirement that
we need to combine 2 or 3 groups and create 1 user.
ex - User1, User2, User3
User1 has access to delete but - delete allow
User2 does not have delete access - delete deny
But requirement is when we combined user1 and user2 - delete option should be there. But it is giving priority to deny.
I am using Netcentric AC tools and ... permisison are granted through yaml file.
Is it Possible do something like this?
Thanks in advance
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @lone_Ranger
Not sure, it going to work with just merging groups.
you may need to separate a group for deny and add only when needed.
Please check this https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem6-user-is-member-of-two...
Hi @lone_Ranger
Not sure, it going to work with just merging groups.
you may need to separate a group for deny and add only when needed.
Please check this https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem6-user-is-member-of-two...
Adobe documentation asks to use Deny sparingly. As far as possible use only Allow.
If a user is a member of more than one group, the Deny statements from one group may cancel the Allow statement from another group or the opposite way. It is hard to keep an overview when such a thing happens and can easily lead to unforeseen results, whereas Allow assignments do not cause such conflicts.
Here is the reference doc for the above statement - https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/security
Here is a link for deny best practices - https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/security#best-prac...
Views
Likes
Replies
Views
Likes
Replies