Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Find all users who have access to a folder

Avatar

Level 5

Currently, we have created folders in DAM like the following

A

-- B

--- C

 

A has 1 user, B has 2 and C has 3. Entire folder structure is protected by CUG and granted access to specific groups. What we want is notification to be sent to specific groups based on access. So if I upload document at C, it should only send notification to users under the group that have access to C.

If i upload document at B, it should send notification to all users/groups under C and B

Currently the way we are doing it is, get all users in the repository and checking access against that level. Instead, what would be effifient is to get all users who have access to that folder based on a CUG

Is there an API to get specifically list of users who have access to a folder?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Jörg Hoh wrote...

 

when you can do proper assumptions. For example that users can only be in groups A, B and C, and that a user is only in exactly one of these. Then you can take only 1 user of this group for checking and you know for sure, that the same result applies for all other users in the same group as well.

I agree with what Jorg mentioned, just to rule out the case of assumptions, what you can do is, create dummy users for each of the group, lets call it dam_user_a, dam_user_b and dam_user_c, and put them to respective groups where you want to check access. Now using API you will only need to check which of this  user has access to the location where the asset is uploaded and then you can send out notification to that specific group.

users that I mentioned are going to be dummy users just for checking permissions on dam paths they are not going to be actual users/authors who upload asset.

May with above approach you wont need to make any assumptions.

- Runal

View solution in original post

3 Replies

Avatar

Employee Advisor

Hi,

I am not aware of any API, which can do this check for you, internally I would the very same you are currently doing. I would recommend to stick to your current implementation. Of course you could improve that, when you can do proper assumptions. For example that users can only be in groups A, B and C, and that a user is only in exactly one of these. Then you can take only 1 user of this group for checking and you know for sure, that the same result applies for all other users in the same group as well.

kind regards,
Jörg

Avatar

Community Advisor

You can use workflow launchers to automate the process. More on workflow launchers - http://docs.adobe.com/docs/en/cq/5-6-1/workflows/wf-using.html#Starting%20Workflows%20When%20Nodes%2...

  • Create 3 groups asset_group_a, asset_group_b and asset_group_c.
  • Trigger a workflow when the asset is uploaded.
    • have a process step that checks where the asset is uploaded (i.e. under which folder A or B or C)
  • likewise trigger the notification for that group.
    • For mapping dam paths to user groups, you can use arguments options while you design your workflow model, these arguments then you can use in process step and identify group against the dam path and send out the notification.

Such workflows can further be scaled for approval and denial purpose when the asset is uploaded,  but I don't see you mentioned of any such requirement at present.

- Runal

Avatar

Correct answer by
Community Advisor

Jörg Hoh wrote...

 

when you can do proper assumptions. For example that users can only be in groups A, B and C, and that a user is only in exactly one of these. Then you can take only 1 user of this group for checking and you know for sure, that the same result applies for all other users in the same group as well.

I agree with what Jorg mentioned, just to rule out the case of assumptions, what you can do is, create dummy users for each of the group, lets call it dam_user_a, dam_user_b and dam_user_c, and put them to respective groups where you want to check access. Now using API you will only need to check which of this  user has access to the location where the asset is uploaded and then you can send out notification to that specific group.

users that I mentioned are going to be dummy users just for checking permissions on dam paths they are not going to be actual users/authors who upload asset.

May with above approach you wont need to make any assumptions.

- Runal