Adobe Experience Manager Sites & More

Mailyn_TMo · 11/30/25

Hello, I hope you're all doing well.

In AEM Assets, I need to prevent newly logged-in users from seeing anything in the assets directory. I tried adding a `deny: read` block to 'everyone', which is one of the default groups all users log in with, for a single folder that's still being displayed. This hides the folder for everyone, regardless of whether they're in a group they already have access to.

What I need is to hide everything for newly logged-in users while allowing existing users to continue working normally.

I see they log in with four defined groups, but these groups can't be removed afterward. I considered putting this in a smaller group, but then I encountered the problem of not being able to remove other users from that group.

How can I handle this situation?

Thank you very much.

TarunKumar · 12/1/25

Hi @Mailyn_TMo ,

You can follow below steps to create a group and provide access to them:-

Create a User group and add new members as part of that group.
Navigate to permissions page (http://localhost:4502/security/permissions.html) and add the ACE's

Using the above approach users will have access to specific folders only( like : content/dam/abc) and will not have access to any other folders or any new folders that will be created in DAM as we are not denying other folders and explicitly giving permissions to specific folder

In this way the user groups can be configured to specific folders based on the requirement

There are multiple ways to configure user groups and permissions in AEM and is dependent on the business requirements. Couple of approaches below

-Tarun

View solution in original post

TarunKumar · 12/1/25

Hi @Mailyn_TMo ,

You can follow below steps to create a group and provide access to them:-

Create a User group and add new members as part of that group.
Navigate to permissions page (http://localhost:4502/security/permissions.html) and add the ACE's

Using the above approach users will have access to specific folders only( like : content/dam/abc) and will not have access to any other folders or any new folders that will be created in DAM as we are not denying other folders and explicitly giving permissions to specific folder

In this way the user groups can be configured to specific folders based on the requirement

There are multiple ways to configure user groups and permissions in AEM and is dependent on the business requirements. Couple of approaches below

-Tarun

Shashi_Mulugu · 12/1/25

Hi @Mailyn_TMo

Thank you for reaching out to Adobe Experience League community for AEM Forum.

To better solve your problem, first we need to identify to which group the default new users are being added to .

If it is via SSO, please check your saml configuration.

Once default user group(s) is/or identified,

1.please use AEM->tools->security->permissions

2. Search for one of the default user group and add an explicit deny permissions to entire root dam folder

This will deny root folder to all users

Then create a base dam user group with explict allow permission for root dam folder and make it add this base group as sub group in all your regular user groups

Adobe Experience Manager Sites & More

Hide all DAM information from newly logged-in users

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe