Expand my Community achievements bar.

How to change permissions for an AEM site

Avatar

Level 2

The permissions changed on <server>/useradmin is reflecting on permissions block on AEM but it not reflecting on the site and pages.

how this issue can be solved?

18 Replies

Avatar

Community Advisor

hi @trivenivelaga 

 

Try to log out and check again ( maybe incognito ). Ideally, the change is reflected instantly- By the way what scenario you are trying to achieve here?

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l...

Avatar

Level 2

Actually I change the permissions to deny for one page of site but it not reflecting on site i checked so many times.

 

Avatar

Community Advisor

So you can try to "deny" all check .

After that you need to select the section /pages which you need to allow for that user.

Himanshu Jain

Avatar

Level 2

I tried, but it not reflecting on site.

I applied deny changes for "contact-us" page on a site but it not reflecting on site. I can able to see and modify the page.

How it can be solved?

 

Avatar

Community Advisor

Can you share the User permission snapshot , also check the groups where this user in added .

Himanshu Jain

Avatar

Level 2

yes,

trivenivelaga_2-1655104535382.png

Here i denied the permissions for about-us and equipment pages of a site.

But on the site there is no changes, these denied permissions are not reflecting on site.

 

 

 

Avatar

Community Advisor

If this is for end user then as @arunpatidar  mentioned , use CUG.

Himanshu Jain

Avatar

Community Advisor

This permissions would cater only on author , are you expecting an end user not to modify , edit the pages ?

Avatar

Level 2

what i am expecting is , i have changed the read and modify permissions of about us page, so when i open about us open page I did not able to read the content on that page. So how can I get this?

Avatar

Level 2

Without getting into details, I suggest you a couple of milestones regarding the permissions management:

 

1) the administrator user is the only one that can and must access everything with every possible operation. The administrator has even access the Felix OSGi console so do your math. Reducing its privileges is a nonsense. Moreover, I would not be surprised whether some permission comes as immutable and by default. The fact is that you start every brand new AEM instance with a predefined admin by default and the only thing you should do is to modify its password. So please, create instead an editorial group and work with it leaving the full permissions to the admin.

 

2) The administrator user, among all the other things, is the only one that can "impersonate" the other users. In the old UI, in example the useradmin page, you can open the top-right menu and chose to impersonate another user to check if the permissions work properly.

If I were you, I would create a new editorial group (or just a user), set its permissions and then I would verify it quickly by impersonating it.

Avatar

Level 2

I tried your second point but i am getting error AEM is also not opening.

trivenivelaga_0-1655117460413.png

what's the solution for above error?

Avatar

Community Advisor

Hi,

 

Over here the basic permissions required for login into the aem instance are missing.

 

You can overcome this, by adding the "contributor" group to the user you have created.

 

Thanks 

Avatar

Community Advisor

hi @trivenivelaga -  you want about us page not visible to enduser post these setting - denying read and modify ?

Consider this : https://stackoverflow.com/questions/23199419/how-to-hide-a-page-based-on-the-logged-in-user-in-cq5

Avatar

Community Advisor

Hi,

If you are trying to deny permission for end user page then you need to add cug group

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/cug.html?lang=e... 

 



Arun Patidar

Avatar

Community Advisor

Hi, 

 

The permissions can be applied at the user level and as well at the group level.

 

If you are applying for permissions at the group level and there is a deny permission at the user level, so user level will take precedence over here.

 

So, the first recommendation would be to remove all the permission that you have applied to the environment. For that, you can refer to 

shaileshb501027_0-1655210640584.png

Once done with the above, then apply for the permission at the respective content one by one and check if the things are reflecting correctly or not.

 

You can also validate the same from http://localhost:4502/crx/explorer/index.jsp

 

shaileshb501027_1-1655210797371.png

 

Thanks