Expand my Community achievements bar.

SOLVED

Different Permissions on a page

Avatar

Level 2

Hi!

Is it possible to create two levels of permissions for editing a page?

i.e. 2 separate roles, one of which can edit only certain component types e.g. only richtext?

or a role that can create annotations but is not allowed to edit the components on a page?

Thanks!

NZ

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi,

this is possible, but I do not recommend it. You can set ACLs on component nodes to prevent modifications by a certain group. But you cannot set these kinds of ACLs via the /useradmin UI. If you can apply a general rule (like: all richtext components have the name "richtext*") you could use wildcard ACLs. I don't know how the UI behaves in each and every case.

Anyway, please try to avoid it. You'll likely end up in ACL hell from an overview and management perspective.

kind regards,
Jörg

View solution in original post

5 Replies

Avatar

Level 10

You can achieve this bye creating 2 different groups with the necessary ACLs and add Users accordingly.

Avatar

Correct answer by
Employee Advisor

Hi,

this is possible, but I do not recommend it. You can set ACLs on component nodes to prevent modifications by a certain group. But you cannot set these kinds of ACLs via the /useradmin UI. If you can apply a general rule (like: all richtext components have the name "richtext*") you could use wildcard ACLs. I don't know how the UI behaves in each and every case.

Anyway, please try to avoid it. You'll likely end up in ACL hell from an overview and management perspective.

kind regards,
Jörg

Avatar

Level 2

I reckon the question is - on what jcr node the ACL should be set? it definitely not on of the /content nodes. 

Avatar

Level 2

Thanks Jorg,

Are you aware of the way to control permissions to annotations? 

Regards,

Nikolai

Avatar

Employee Advisor

Hi,

Annotations are just properties in the component nodes, so you need to work with wildcard ACLs (rep:glob). Please see [1] for details.

kind regards,
Jörg

[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs