Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Difference between using CUG and directly assigning rights using crxde/explorer

Avatar

Level 4

What's the difference in assigning user groups rights using crxde (going to that user in useradmin and assigning specific rights) vs CUG? is it that CUG is purely read only vs with crxde you get finder control? Does adding CUG also different in terms of creating a rep:policy node for that content path

1 Accepted Solution

Avatar

Correct answer by
Level 4

I believe you are in a dilemma here between CUG and Provide Access control using CRX.

1. CUG: It is Closed User Group which is clubs the different user to share same permission. When a CUG (Group Permission) is applied to any content/page, all the users who are part of group will have same permission to those content/page.

2. CRX explorer Permission: It is generally to explore/see and edit permission for individual contents/pages in special cases.

Though you can give permission  using CRX however its not at all recommended to do so. Always create a group of user (even it has one user initially) and give permission to group. This is because if some more users may join in future or may leave hence group will be constant. Never ever give individual user permissions (not recommended by Adobe).

Hope This helps

View solution in original post

5 Replies

Avatar

Correct answer by
Level 4

I believe you are in a dilemma here between CUG and Provide Access control using CRX.

1. CUG: It is Closed User Group which is clubs the different user to share same permission. When a CUG (Group Permission) is applied to any content/page, all the users who are part of group will have same permission to those content/page.

2. CRX explorer Permission: It is generally to explore/see and edit permission for individual contents/pages in special cases.

Though you can give permission  using CRX however its not at all recommended to do so. Always create a group of user (even it has one user initially) and give permission to group. This is because if some more users may join in future or may leave hence group will be constant. Never ever give individual user permissions (not recommended by Adobe).

Hope This helps

Avatar

Level 4

Navin/Scott

Let me clarify the question a bit more. My question was if I mark a path with CUG enabled, what properties in the node structure reflect that? Because if I go to crx, and explicitly assign rights, it will essentially create a rep:policy node under that content jcr:path.

So even for read for a group (not user), I can either use a CUG to only allow that group into it, or I can find that group in crxde and assign jcr:read to that path for the group which will create rep:policy node.

Avatar

Level 3

A rep:cugPolicy node is created under the CUG enabled content node. A mixin node type is also set to rep:CugMixin is also set on the content node

I hope this helps.

2018-03-13 at 3.44 PM.jpeg2018-03-13 at 3.43 PM.jpeg

Avatar

Level 4

Varun

Thanks a lot!

Quick question - if i have this node and i also go to a specific user and assign manual read rights to that path for that user using useradmin, which would take precedence?

For example, on CUG i say only "HR" has rights but then I got to my user and I am not in HR but I go and give read privileges to the path, what's the expected behavior of AEM?