Expand my Community achievements bar.

SOLVED

How do I create mini-admins for specific content areas within AEM?

Avatar

Level 1

How do I create mini-admins for specific content areas within AEM?

 

For context, in a test area of our AEM instance we have 4 groups, for starters we’re working w/ our “testarea” content folder (content/dam/testarea) so here are 4 groups and the access types I provided to them:

·         Test Area Member                        ta-member           Read

·         Test Area Contributor                   ta-contributor          Modify, Create

·         Test Area Lead                             ta-lead                    Delete, Replicate

·         Test Area Admin                           ta-admin                 Read ACL, Write ACL

 

The ta-admin group has each of the other 3 as groups, providing it all access to the content/dam/testarea folder.

 

I’ve added user “matttest” to the to the ta-admin group and verified that matttest has Read, Modify, Create, Delete, Read ACL, Write ACL and Replicate rights from the green “useradmin” console to the content/dam/testarea folder.

 

Additionally, I’ve created a user named jefftest, who is part of the ta-contributor group. I have verified that user jefftest has Read, Modify and Create rights from the green “useradmin” console to the content/dam/testarea folder.

 

When I login as matttest, I wish to add publishing/replicate rights to jefftest by adding him to the “ta-lead” group. The problem, is that from the “users” touch interface, or the “groups” touch interface, I cannot see the jefftest user to apply the additional rights. 

 

My question is how do I make users visible to a group that has Read ACL and Write ACL rights on a specific content folder?

 

Thanks for taking the time to review my question, I hope it’s concise and make sense.

 

-          Matt

1 Accepted Solution

Avatar

Correct answer by
Level 1

Thanks for your help guys. I believe I found a solution.

1. The ta-admin group needs Edit ACL access to both the content area I want to affect (content/dam/testarea) and to a user folder which holds the users I want to effect (home/users/ta-users)

2. As new users are created that the ta-admin group should affect, the users must always be created to the path home/users/ta-admin

This allows ta-admin to provision rights to the content folder content/dam/testarea for only users that exist in home/users/ta-admin.

Thanks,

Matt

View solution in original post

3 Replies

Avatar

Level 10

My question is how do I make users visible to a group that has Read ACL and Write ACL rights on a specific content folder?

Are the users part of that group? 

Avatar

Administrator

"matttest" would not have rights to modify ACL of other users. For that you need to login from admin account.

It is correct that you have given access for "Edit ACL", but it is that the user can modify the access control list of the page or any child pages not the users.

~kautuk



Kautuk Sahni

Avatar

Correct answer by
Level 1

Thanks for your help guys. I believe I found a solution.

1. The ta-admin group needs Edit ACL access to both the content area I want to affect (content/dam/testarea) and to a user folder which holds the users I want to effect (home/users/ta-users)

2. As new users are created that the ta-admin group should affect, the users must always be created to the path home/users/ta-admin

This allows ta-admin to provision rights to the content folder content/dam/testarea for only users that exist in home/users/ta-admin.

Thanks,

Matt