Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to limit dialog fields/tabs to specific user group

Avatar

Not applicable

How can I limit dialog fields to only be edited/viewed by certain user groups with the right permissions?

So for example, I added a new tab do the page properties but this tab should only be visible to users of a specific group. How would I go about doing that? Which node do I set the permissions on? 

I am using AEM 6.1 with all the latest hot fixes.

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi 

As lee mentioned, 

The ACL approach is the way to go (if such a behavior is really necessary).

For example, to hide the "image" tab of the base page component:

Note that in case of tabs included with xtype=cqinclude you have to set it on the include itself, not the included definition. Because at runtime it would complain over the missing target of the include and not render the dialog at all.

Reference link :- http://stackoverflow.com/questions/8165800/cq5-hiding-a-tab-within-a-component-dialog-depending-on-u...

 

Note:- Refer to the post :- https://forums.adobe.com/thread/1097617?start=0&tstart=0

// 

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

I hope this will help you.

 

Thanks and Regards

Kautuk Sahni

View solution in original post

4 Replies

Avatar

Level 8

Component/dialog level permissions are not supported in AEM.

Avatar

Not applicable

When I'm logged in as "administrator" I can see the fields of my custom tab, when I'm logged in as an "author" I cannot see them (I can see the standard page property fields, though). When I give the "author" the "administrators" group, I can see the fields. This led me to believe that permissions were possible but I just couldn't nail down where exactly the permissions should be set (besides using the nuclear option of giving administrator privileges).

Avatar

Level 8

The only way that is possible would be for some to add the permissions through the user admin.  Drill down to the nodes in the user admin and take a look, however this is officially not supported by Adobe.  

Avatar

Correct answer by
Administrator

Hi 

As lee mentioned, 

The ACL approach is the way to go (if such a behavior is really necessary).

For example, to hide the "image" tab of the base page component:

Note that in case of tabs included with xtype=cqinclude you have to set it on the include itself, not the included definition. Because at runtime it would complain over the missing target of the include and not render the dialog at all.

Reference link :- http://stackoverflow.com/questions/8165800/cq5-hiding-a-tab-within-a-component-dialog-depending-on-u...

 

Note:- Refer to the post :- https://forums.adobe.com/thread/1097617?start=0&tstart=0

// 

On a JCR level this is easily possible, as you can set ACL on every node you want. And your component is also "only" a node. CQ itself is not designed to support component level security ootb, the smallest entity you can set ACLs on are pages. The useradmin does not support a granularity of components.

 

So, as a recommendation: Do not try to implement component-based security. Because you will run into  problems you need to handle:

 

* Maintaining ACLs on components (no UI available for this ootb)

* The editmode is not built to handle write-protected components.

 

I do not say it's impossible, but to really make it work, you need to spend time and experience to tune the UI for this usecase.

 

 

I hope this will help you.

 

Thanks and Regards

Kautuk Sahni