Difference between using CUG and directly assigning rights using crxde/explorer | Community
Skip to main content
A
aembytes
March 2, 2018
Solved

Difference between using CUG and directly assigning rights using crxde/explorer

  • March 2, 2018
  • 5 replies
  • 3263 views

What's the difference in assigning user groups rights using crxde (going to that user in useradmin and assigning specific rights) vs CUG? is it that CUG is purely read only vs with crxde you get finder control? Does adding CUG also different in terms of creating a rep:policy node for that content path

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by navinkaushal

I believe you are in a dilemma here between CUG and Provide Access control using CRX.

1. CUG: It is Closed User Group which is clubs the different user to share same permission. When a CUG (Group Permission) is applied to any content/page, all the users who are part of group will have same permission to those content/page.

2. CRX explorer Permission: It is generally to explore/see and edit permission for individual contents/pages in special cases.

Though you can give permission  using CRX however its not at all recommended to do so. Always create a group of user (even it has one user initially) and give permission to group. This is because if some more users may join in future or may leave hence group will be constant. Never ever give individual user permissions (not recommended by Adobe).

Hope This helps

5 replies

navinkaushal
navinkaushalAccepted solution
March 2, 2018

I believe you are in a dilemma here between CUG and Provide Access control using CRX.

1. CUG: It is Closed User Group which is clubs the different user to share same permission. When a CUG (Group Permission) is applied to any content/page, all the users who are part of group will have same permission to those content/page.

2. CRX explorer Permission: It is generally to explore/see and edit permission for individual contents/pages in special cases.

Though you can give permission  using CRX however its not at all recommended to do so. Always create a group of user (even it has one user initially) and give permission to group. This is because if some more users may join in future or may leave hence group will be constant. Never ever give individual user permissions (not recommended by Adobe).

Hope This helps

smacdonald2008
smacdonald2008
March 2, 2018

Great response!

A
aembytesAuthor
March 2, 2018

Navin/Scott

Let me clarify the question a bit more. My question was if I mark a path with CUG enabled, what properties in the node structure reflect that? Because if I go to crx, and explicitly assign rights, it will essentially create a rep:policy node under that content jcr:path.

So even for read for a group (not user), I can either use a CUG to only allow that group into it, or I can find that group in crxde and assign jcr:read to that path for the group which will create rep:policy node.

varunmitra
Adobe Employee
varunmitraAdobe Employee
Adobe Employee
March 13, 2018

A rep:cugPolicy node is created under the CUG enabled content node. A mixin node type is also set to rep:CugMixin is also set on the content node

I hope this helps.

    A
    aembytesAuthor
    March 13, 2018

    Varun

    Thanks a lot!

    Quick question - if i have this node and i also go to a specific user and assign manual read rights to that path for that user using useradmin, which would take precedence?

    For example, on CUG i say only "HR" has rights but then I got to my user and I am not in HR but I go and give read privileges to the path, what's the expected behavior of AEM?

    Terms & ConditionsAccessibility statement

    Loading footer...