I need to setup a group and its permissions within AEM, so it has read only access to assets at /content/dam/*, the ability to create collections, and assign assets to collections.
I created a user group, ABCGroup, and I added the following permissions. I added read-only permissions to /content/dam and write permissions to /content/dam/collections. I have a test user that is part of the group. Whenever I login as the user, it shows read-only access to assets (as expected) and, also, read-only access to collections. This should not happen, since I assigned collections write permissions within the group. How do I setup permissions within the group, so a user can only have read-only access to assets within /content/dam/* and write permission to collections (/content/dam/collections)?