Expand my Community achievements bar.

Get ready! An upgraded Experience League Community experience is coming in January.
Learn more
SOLVED

Disable tools and other components in the AEM interface

Avatar

Level 1
Level 1
11/27/25 11:27:19 AM

Hello everyone,
Context: I have created groups with their access permissions to Assets in the DAM system, all checked.
My question is: In AEM, is it possible to disable or hide all other options on the main panel so that only Assets are displayed? If so, how can this be done? Similarly, can the Tools option be disabled or hidden? It contains security, workflows, and other elements that I don't think users in these groups should have access to. Are there any drawbacks to doing this?

Thank you very much.

Mailyn_TMo_0-1764271601943.png

Views

335

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
11/27/25 11:53:27 AM

Hello @Mailyn_TMo ,

 

Yes, this is possible. The tiles on the AEM start screen (Sites, Projects, Tools, etc.) are shown/hidden based on Read permissions on their root paths.

To show only Assets, remove Read access from all other console paths and keep it only on DAM:

--------------------------------------------------

Allow: /content/dam
Allow: /libs/dam
Allow: /apps/dam (if used)

Deny/Remove Read:
/content
/content/projects
/content/experience-fragments
/libs/cq/core/content/nav/tools
/libs/cq/personalization
/content/screens
/libs/fmdita

 

--> Removing Read on /libs/cq/core/content/nav/tools hides the Tools menu.

Drawbacks:

  • Do not block access to /libs broadly; only remove permissions on specific console nodes.

  • Some DAM features (processing profiles, metadata schemas, workflows) may require selective read access under Tools.

This is the standard way to create a DAM-only user role.

View solution in original post

Views

323

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
11/27/25 11:53:27 AM

Hello @Mailyn_TMo ,

 

Yes, this is possible. The tiles on the AEM start screen (Sites, Projects, Tools, etc.) are shown/hidden based on Read permissions on their root paths.

To show only Assets, remove Read access from all other console paths and keep it only on DAM:

--------------------------------------------------

Allow: /content/dam
Allow: /libs/dam
Allow: /apps/dam (if used)

Deny/Remove Read:
/content
/content/projects
/content/experience-fragments
/libs/cq/core/content/nav/tools
/libs/cq/personalization
/content/screens
/libs/fmdita

 

--> Removing Read on /libs/cq/core/content/nav/tools hides the Tools menu.

Drawbacks:

  • Do not block access to /libs broadly; only remove permissions on specific console nodes.

  • Some DAM features (processing profiles, metadata schemas, workflows) may require selective read access under Tools.

This is the standard way to create a DAM-only user role.

Views

324

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Employee Advisor
Employee Advisor
11/28/25 1:31:21 AM
In response to ManviSharma

Hello @Mailyn_TMo ,

 

If the solution helped you, please mark it as correct. Otherwise, let me know if you need any further assistance 🙂

 

 

Views

280

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
11/28/25 7:51:19 AM

Hello @Mailyn_TMo 

To answer your question :
1. Can we show only “Assets” on the main AEM panel?

Yes, visually you can make it so that a given group only sees the Assets tile:

Hide the other main navigation tiles (Sites, Forms, Screens, Projects, etc.) by :

1. Preferred (new way): Overlaying the relevant nodes from /libs/cq/core/content/nav/... into /apps and adding granite:rendercondition (for example, group-based grouprendercondition) so the tiles are only rendered for specific groups.

2. Older (ACL) way: Denying jcr:read on the corresponding /libs/cq/core/content/nav/<console> nodes for that group (OK for 6.5 on‑prem, not recommended for AEMaaCS).

This only hides UI entries; you still must configure ACLs so those users cannot access Sites/Forms/etc. by URL.

2. Can we disable or hide the “Tools” (hammer) option?

You can hide or restrict Tools sections (Security, Workflow, Assets tools, Operations, etc.) by:

> Using overlays in /apps with granite:rendercondition to hide individual entries under /libs/cq/core/content/nav/tools/... for specific groups, and
> Adding corresponding ACLs (or RepoInit rules) on the underlying tool paths so direct URL access is blocked.


Completely hiding the Tools icon itself by touching /libs/granite/ui/content/shell/start/content/cq/items/tabs/items/tools is:
> Possible on 6.5 via deny jcr:read ACL
> Not recommended and effectively unsupported in AEMaaCS, because that node is granite:InternalArea and /libs is immutable; CAS explicitly warns against manipulating ACLs or renderconditions on such internal nodes.

Views

268

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Is a fully configurable 12-column grid system feasible in AEM Edge Delivery Services with Universal Editor? Solved

Views

186

Like

1

Replies

2
I want to add pdf urls (pdf are present inside my dam folder) in my sitemap xml

Views

134

Likes

0

Replies

2
Uploading assets to AEM via the Desktop App

Views

76

Like

1

Replies

1
How to create permissions for groups that do not yet exist in AEM?

Views

91

Like

1

Replies

2
Best way to delete content fragment at language master level and in all live copies

Views

184

Like

1

Replies

3