How to prevent authors from deleting a node in aem | Community
Skip to main content
anelem1760873
anelem1760873
Level 4
May 7, 2021
Solved

How to prevent authors from deleting a node in aem

  • May 7, 2021
  • 2 replies
  • 1583 views

Hi there,

 

I have a Handler which listens for DELETE operation from JCR in specific locations, i want to prevent users from deleting those nodes under those locations.

Any idea how i can achieve this.

Thanks 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Kiran_Vedantam

Hi @anelem1760873,

 

This can be achieved by denying access to that node to all the users.

  1. Go to localhost:4502/useradmin
  2. Either deny the access at group level or user level
  3. Please allow access for the user who is creating the node programmatically as mentioned below.

 

Hope this helps.

 

Thanks,

Kiran Vedantam.

2 replies

Kiran_Vedantam
Community Advisor
Kiran_VedantamCommunity AdvisorAccepted solution
Community Advisor
May 7, 2021

Hi @anelem1760873,

 

This can be achieved by denying access to that node to all the users.

  1. Go to localhost:4502/useradmin
  2. Either deny the access at group level or user level
  3. Please allow access for the user who is creating the node programmatically as mentioned below.

 

Hope this helps.

 

Thanks,

Kiran Vedantam.

    MarkusBullaAdobe
    Adobe Employee
    MarkusBullaAdobeAdobe Employee
    Adobe Employee
    May 7, 2021

    Hi @anelem1760873!

    Your outlined approach to listen for DELETE events unfortunately won't work out as it is triggered after the actual deletion has taken place. So the node is already gone when your code gets notified. Unfortunately, events and listeners/handlers won't help in this situation.

     

    Depending on your use case probably the best solution will be based on permissions as mentioned by @kiran_vedantam

    When it comes to permissions, it's always important to have a proper concept and a well designed content architecture that is aligned with the authorization concept. So please make sure to embed the required permissions into your concept.

    That being said, you should be able to satisfy your requirement by defining an ACL of type DENY with the jcr:removeNode privilege for the according group.

    Please also note: in general, it is recommended to built a hierarchy of groups to implement your authorization concept. It is a best practice to start with groups denying as much as possible/needed on to top level and only set ALLOW ACLs from there on. It can cause unexpected side effects if you mix allow and deny ACLs through your permission hierarchy. However, in some cases it may still be necessary to have few, well designed denys at some point in the hierarchy.

     

    Hope that helps!

     

      Terms & ConditionsAccessibility statement

      Loading footer...