Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

How can I hide Sites, Projects and Experience Fragments on AEMaaCS Start page?

Avatar

Level 2

Working in AEMaaCS and need to hide the Projects, Sites and Experience Fragments options on the AEM Start page (aem/start.html) shown below:

nav.jpg

In the non-cloud AEM experience you can hide these types of things easily through ACLs by creating a deny for the paths  /libs/wcm/core/content/sites and /libs/cq/core/content/nav/sites to hide Sites, for example.

Can this also be done on the Cloud through ACLs or does it require code changes? I get an error as an Administrator when trying to set an ACL on the paths listed above.

Edited to add: On this same project we will also need to hide some of the items under the Tools (hammer) menu. We would like one user group to only see Tools > General and Tools > Assets, with the other options hidden. Then under Tools > General we only want them to see the Tagging tile and nothing else.

Any help would be greatly appreciated!

Thanks!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @Kate_Sumbler,

Going from the top:

Set of permissions that you can observe in admin console is not connected to your permissions on AEM - in general those are 2 separate things. Nevertheless base on another screen you have shared - it looks your user is added to Administrators group on AEM.

Regarding to issue related to the fact you do not see /libs/cq/core/content/nav/sites either browsing or in dropdown - this is limitation of widget used in GUI. It shows only folders, or pages, simple nodes are not visible, and it is not related to permission set. I was able to observe exactly the same behavior even using admin user (uber/super user).

crx-tree.jpg path-browser.jpg

But despite above limitation you can still type certain path (assuming it exists in the repository) even if you can not browse to it or get it via autocomplete.

Last aspect, the error you have shared. It looks very strange, keeping in mind you are assigned to Administrators group - this just have to work. I would recommend to contact Customer Success Engineer and ask him/her to verify your user permissions, maybe you are assigned also to other group that is in conflict on permission level with administrator group. I think CSE support will be needed to investigate and solve the issue.

View solution in original post

6 Replies

Avatar

Community Advisor

Hi @Kate_Sumbler,

This is possible to hide all the options you have described using ACLs, exactly in the same way like on non-cloud AEM versions. I did quick test on my local AEM as a Cloud Service version 2022.5.7575.20220530T152407Z, and here is the result:

start-screen.png

This is how permission set looks like for above screen:

permission-screen.png

I am not sure why it's not working for you, maybe your user did not have enough permissions. I was testing it using admin user, and some other custom user assigned to administrators group. In both cases I did not spot any issue in terms of setting permissions to my test user.

Regarding Tools menu structure you can find it under /libs/cq/core/content/nav/tools

Summarizing to achieve your goal you can use ACLs, code changed or custom implementation is not needed.

Avatar

Level 2

Thanks for the response!

 

I am logged into the product environment as myself, a member of administrators group.

 

Here's what I have in Admin Console:

  • admin console 1.jpg
  • admin console 2.jpg

And in the AEMaaCS environment I'm in the OOTB administrators group:

  • aem administrators group.jpg

When I tried to add the /libs/cq/core/content/nav/sites path, it doesn't show in the dropdown menu or when browsing:

  • no path.jpgno nav path.jpg

I then tried setting a deny for another path that I was told would hide the "Insights" tab in Asset Properties.  That path showed in the dropdown menu, but it gives me the following error when I save even though I have administrator rights:

  • error.jpg

Any ideas?

Avatar

Correct answer by
Community Advisor

Hi @Kate_Sumbler,

Going from the top:

Set of permissions that you can observe in admin console is not connected to your permissions on AEM - in general those are 2 separate things. Nevertheless base on another screen you have shared - it looks your user is added to Administrators group on AEM.

Regarding to issue related to the fact you do not see /libs/cq/core/content/nav/sites either browsing or in dropdown - this is limitation of widget used in GUI. It shows only folders, or pages, simple nodes are not visible, and it is not related to permission set. I was able to observe exactly the same behavior even using admin user (uber/super user).

crx-tree.jpg path-browser.jpg

But despite above limitation you can still type certain path (assuming it exists in the repository) even if you can not browse to it or get it via autocomplete.

Last aspect, the error you have shared. It looks very strange, keeping in mind you are assigned to Administrators group - this just have to work. I would recommend to contact Customer Success Engineer and ask him/her to verify your user permissions, maybe you are assigned also to other group that is in conflict on permission level with administrator group. I think CSE support will be needed to investigate and solve the issue.

Avatar

Level 2

Thank you for the reply, that's a lot of good info! I think I will need to reach out to the CSE support as I am still getting the same error as before.

 

Avatar

Community Advisor

Hi @Kate_Sumbler
i am currently occupied with the exact same challenge.

Did you found a way to hide some of the navigation since?
I also have read one other ticket of yours regarding this topic - but the overlay node is a dead end street atm.
It would be super cool if you'd share the tales of this quest and what the outcome of this task has become. 

I hope you have a nice day
Regards
Adilos

Avatar

Level 1

I had the same issue trying to apply this approach in cloud services.

As we cannot modify ACL for /libs folder (because it's immutable) you got this error.

 

You should setup this ACL rules during the repoInit.

Under /ui.config/src/main/content/jcr_root/apps/myproject/osgiconfig/config create a file called: org.apache.sling.jcr.repoinit.RepositoryInitializer~myproject.cfg.json

 

{
    "scripts": [
        "create group basic-access",
        "set ACL for basic-access\ndeny jcr:read on /libs/cq/core/content/nav/projects\nend",
        "set ACL for basic-access\ndeny jcr:read on /libs/cq/core/content/nav/experiencefragments\nend",
        "set ACL for basic-access\ndeny jcr:read on /libs/cq/core/content/nav/contentfragments\nend",
        "set ACL for basic-access\ndeny jcr:read on /libs/granite/ui/content/shell/start/content/cq/items/tabs/items/tools\nend"
    ]
}

 

you can see we are creating a user group called "basic-access" and removing the access to the icons of projects, experiencefragments, etc.

 

I hope it help s