Give Upload/Create only permissions to user in AEM

niks1020

14-07-2019

Hi all,

I have AEM 6.4 with aem-service-pkg-6.4.3 installed.

In this, I have created a new user group with permissions like the below for all parent folders:

1791336_pastedImage_1.png

My basic requirement is that I want the users (belonging to this user group) to only have read and create permission in my project's folder path (let's say: content/dam/ASC/en/MyFolder).

To do this I have given read and create permission to that folder path as shown below, but I am not able to see the Create button in the Assets folder path to be able to upload the assets in the AEM Assets screen.

1791337_pastedImage_4.png

I found this documentation link (User Administration and Security), where it says:

Create

The user can:

  • create a new page or child page.

If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.

But if I enable modify for this user group on this folder, the user would also be able to edit the metadata properties of assets inside that folder, which, as per the requirement, the user should not be able to perform.

Can somebody please help regarding this?

The user should only be able to upload assets.

You can also suggest any other round the way solution.

Accepted Solutions (1)

Jörg_Hoh

Employee

16-07-2019

That's unfortunate, but not really unexpected.

If I see it correctly, the create button explicitly requests MODIFY permissions on that folder, because modify also contains the "add children" permission.

That means while the underlying JCR permissions would allow a very fine-grained permission control, the UI does not expose it in that granularity and modelling at this level gets nearly impossible.

I would provide the group the modify permission and instead disallow write permission on the metadata nodes (using wildcard ACLs). That should result in the same outcome.

Jörg
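One way to script the wildcard deny suggested in the answer above, as an added example (not code from the thread or from Adobe). It assumes Read, Create and Modify were already granted to the group on the folder through the permissions UI; the class name, the group ID you pass in and the `rep:glob` pattern are assumptions chosen for illustration.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

/** Hypothetical helper: appends a deny on metadata subtrees to a DAM folder's ACL. */
public final class MetadataWriteDeny {

    // Assumed pattern: the folder path followed by anything, then
    // /jcr:content/metadata and whatever lies below it.
    private static final String METADATA_GLOB = "*/jcr:content/metadata*";

    public static void apply(Session adminSession, String folderPath, String groupId)
            throws RepositoryException {
        Principal group = ((JackrabbitSession) adminSession)
                .getPrincipalManager().getPrincipal(groupId);
        if (group == null) {
            throw new IllegalArgumentException("Unknown group: " + groupId);
        }
        JackrabbitAccessControlList acl =
                AccessControlUtils.getAccessControlList(adminSession, folderPath);
        if (acl == null) {
            throw new RepositoryException("No modifiable ACL at " + folderPath);
        }
        // rep:write is the Jackrabbit aggregate of jcr:write and jcr:nodeTypeManagement.
        Privilege[] write = AccessControlUtils.privilegesFromNames(adminSession, "rep:write");
        Map<String, Value> restriction = Collections.singletonMap(
                "rep:glob", adminSession.getValueFactory().createValue(METADATA_GLOB));

        // addEntry appends, so this deny is evaluated after the allow entries
        // already present on the same node and overrides them where the glob matches.
        acl.addEntry(group, write, false, restriction);
        adminSession.getAccessControlManager().setPolicy(acl.getPath(), acl);
        adminSession.save();
    }
}
```

After applying it, log in as a member of the group and confirm both that an upload still completes and that saving asset properties is rejected, because the upload itself runs in the user's session.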

Answers (2)

nidhip010816

Employee

16-07-2019

Hello niks1020,

Jörg is correct. You need to add 'Modify' permission also.

I tried adding 'Modify' permission along with Read and Create permission to the group and I could see the 'Create' button visible in <host:port>/assets.html/content/dam, but without Modify permission the Create button is not visible.

Give this a try!

Best Regards,

Nidhi Priya