Give Upload/Create only permissions to user in AEM | Community
Skip to main content
niks1020
niks1020
Level 2
July 15, 2019
Solved

Give Upload/Create only permissions to user in AEM

  • July 15, 2019
  • 3 replies
  • 4902 views

Hi all,

I have AEM 6.4 with aem-service-pkg-6.4.3 installed

in this I have created a new user group with below like permissions for all parent folders:

What my basic requirement is that I want the users (belonging to this user group) to only have read and create permission in my project's folder path (Let say: content/dam/ASC/en/MyFolder)

To do this I have given read and create permission to that folder paths as shown below, but I am not able to see the Create button in Assets folder path to be able to upload the assets in the AEM Assets screen.

I found this documentation link : (User Administration and Security) where it says

Create

The user can:

  • create a new page or child page.

If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.

But if I enable modify for this usergroup on this folder, the user would also be able to edit the metadata properties of asset inside that folder. Which, as per the requirement, the user should not be able to perform.

Can somebody please help regarding this?

The user should only be able to upload assets.

You can also suggest any other round the way solution.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by joerghoh

    That's unfortunate, but not really unexpected.

    If I see it correctly, the create button explicitly requests MODIFY permissions on that folder. Because modify also contains the "add children" permission.

    That means while the underlying JCR permissions would allow a very fine-grained permission control, the UI does not expose it in that granularity and modelling at this level gets nearly impossible.

    I would provide the group the modify permission and instead disallow write permission on the metadata nodes (using wildcard ACLs). That should result in the same outcome.

    Jörg

    3 replies

    U
    Adobe Employee
    user05162Adobe Employee
    Adobe Employee
    July 15, 2019

    I believe you need to add more granular ACL's from Crxde using the rep:glob pattern. Check [1] and [2] for more details.

    [1] User, Group and Access Rights Administration

    [2] Jackrabbit Oak – Restriction Management

    joerghoh
    Adobe Employee
    joerghohAdobe EmployeeAccepted solution
    Adobe Employee
    July 16, 2019

    That's unfortunate, but not really unexpected.

    If I see it correctly, the create button explicitly requests MODIFY permissions on that folder. Because modify also contains the "add children" permission.

    That means while the underlying JCR permissions would allow a very fine-grained permission control, the UI does not expose it in that granularity and modelling at this level gets nearly impossible.

    I would provide the group the modify permission and instead disallow write permission on the metadata nodes (using wildcard ACLs). That should result in the same outcome.

    Jörg

    nidhip010816
    Adobe Employee
    nidhip010816Adobe Employee
    Adobe Employee
    July 17, 2019

    Hello niks1020,

    Jorg is correct. You need to add 'Modify' permission also.

    I tried adding 'Modify' permission along with Read and Create permission to the group and I could see 'Create'

    button visible in <host:port>/assets.html/content/dam but without Modify permission create button is not visible.

    Give this a try!

    Best Regards,

    Nidhi Priya

      Terms & ConditionsAccessibility statement

      Loading footer...