How to set up a rep:policy(deny) for a specific user group to not access an AEM page programmatically




I have a requirement where I should set up a deny (rep:policy) access to an user group(Eg: testgroup) under a specific AEM page (Eg: /content/we-retail/us/en/experience/hours-of-wilderness) programmatically based on the checkbox property authored in page properties as shown in the screenshot below.


I know we can manually set up the privileges/permissions using user admin interface shown in screenshot below


When we provide deny jcr:read access in user admin, AEM creates a rep:policy/deny node under the page for that specific usergroup (eg: testgroup). However I want to achieve this programmatically.


Could someone suggest/provide an example to implement this use case ? please let me know if you need any additional information.

Thanks in Advance,



Accepted Solutions (1)

Accepted Solutions (1)



For this usecase I suggest this approach. As you have a checkbox in the page properties.

1. Create an Event listener, choose the event type, Node modified, or property modified etc. Also specify the path where this event listener is to be triggered.

Here is the link to see how to create an event listener.

2. In OnEvent method, you can write your logic to check if the checkbox property is modified and then can add the rep:policy/deny node under the page for that specific usergroup

So whenever the property is changed, using event listener you can set the permissions for the page programmatic-ally.

Hope this helps!


Answers (3)

Answers (3)



hamidk11679710​ I have looked at the first link and it says copying ACL's from source path to target path, which is not my requirement. I will try the second link and get back to you.

Thanks for your help.