Combining User Roles and Permission for multiple group.

Question

Hi,

I have a requirement that

we need to combine 2 or 3 groups and create 1 user.

ex - User1, User2, User3

User1 has access to delete but - delete allow

User2 does not have delete access - delete deny

But requirement is when we combined user1 and user2 - delete option should be there. But it is giving priority to deny.

I am using Netcentric AC tools and ... permisison are granted through yaml file.

Is it Possible do something like this?

Thanks in advance

arunpatidar · Accepted Answer

Hi @lone_ranger
Not sure, it going to work with just merging groups.

you may need to separate a group for deny and add only when needed.

Please check this https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem6-user-is-member-of-two-groups-which-have-rules-that-exclude/m-p/184014

gkalyan · Answer

@lone_ranger

Adobe documentation asks to use Deny sparingly. As far as possible use only Allow.

If a user is a member of more than one group, the Deny statements from one group may cancel the Allow statement from another group or the opposite way. It is hard to keep an overview when such a thing happens and can easily lead to unforeseen results, whereas Allow assignments do not cause such conflicts.

Here is the reference doc for the above statement - https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/security

Here is a link for deny best practices - https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/security#best-practices

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded