Adobe Experience Manager Sites & More

VishnuRe3 · 4/25/25

trying to use Metadata based permissions for show/hide assets

Metadata-Driven Permissions in AEM Assets | Adobe Experience Manager

this is working fine for assets

deny all assets using rep:ntNames="dam:Asset"

and then allowing based on metadata property status="Approved "

Now I am trying to do similar for a folder,

i.e. I am hiding all folders based on rep:ntNames="sling:Folder"

now how to allow specific folders under this folder based on a property value at folder level or at jcr:content level??

Please advice

Thank you very much

SantoshSai · 4/25/25

Hi @VishnuRe3,

Try this below approach:

Set a custom property at folder/jcr:content, e.g., visibility=approved.
In your permission setup, add an allow rule that checks this property (jcr:content/visibility=approved).

Important: You must configure your CUG (Closed User Group) or Permission Management Tool to recognize that for folders, the condition check happens at jcr:content.
Eg.

Suppose you have the folder structure:

/content/dam/marketing/folder1 (sling:Folder)
/content/dam/marketing/folder1/jcr:content (nt:unstructured)

You add this property at jcr:content:

visibility = "approved"

Then your permission rules should:

Deny all sling:Folder nodes.
Allow if jcr:content/visibility == "approved".

Hope that helps!

Santosh Sai

VishnuRe3 · 4/29/25

@SantoshSai

we are using netcentric tool for permissions.

I couldn't find an attribute / condition that takes in a node property value for checking the status.

Are you aware of any such rule condition in netcentric that I can use to achieve property-based condition?

If netcentric doesn't allow these types of rules, then is there any other way to achieve the filter?

SantoshSai · 4/29/25

Hi @VishnuRe3,

Yeah, Netcentric ACL Tool doesn't support conditional rule evaluation based on node properties like jcr:content/visibility. It's limited to path- and node-type-based rules.

If metadata-based filtering is critical for folders, here are a few approaches that come to mind at the moment:

Restructuring the DAM folder hierarchy so that permission is tied to location (e.g., /approved, /unapproved)
Or using a custom solution outside Netcentric ACL - such as manual policy injection or UI-based filtering (though not secure for enforcement).

Santosh Sai

JuSch · 9/23/25

Hi, @SantoshSai
could you explain more on how to set Allow if jcr:content/visibility == "approved". I'm trying to implement it but in de ACL the restrictions all start with rep:<something> and I don't know if I'm in the wrong place.

My requirement is that I have folder of products with some CF inside and for the CF only metadata driven permissions work like a charm but now I need to organize folders under products because one product can have more than one CF and other subfolders. Ad if I have products/producA, products/broductB and products/productC and than I have userX and userY. Lets say that userX see the productA and productC and userY see the productB and productC. Mor than that if one of them creates new product he should see that new product and haw a possibility to extend that product to the other user.
With metadata it was super easy but I don't see it working for folders with metadata schema 😞
Can someone explain if I'm doing something wrong or it is not implemented for folders?

kautuk_sahni · 6/17/25

@VishnuRe3 Did you find the suggestion helpful? If you need more information, please let us know. If a response resolved your issue, kindly mark it as correct to help others in the future. Alternatively, if you discovered a solution on your own, we'd appreciate it if you could share it with the community. Thank you.

Adobe Experience Manager Sites & More

How to use folder level properties for permissions ACL in DAM

Santosh Sai

Santosh Sai

Kautuk Sahni

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe