trying to use Metadata based permissions for show/hide assets
Metadata-Driven Permissions in AEM Assets | Adobe Experience Manager
this is working fine for assets
deny all assets using rep:ntNames="dam:Asset"
and then allowing based on metadata property status="Approved "
Now I am trying to do similar for a folder,
i.e. I am hiding all folders based on rep:ntNames="sling:Folder"
now how to allow specific folders under this folder based on a property value at folder level or at jcr:content level??
Please advice
Thank you very much
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
Hi @VishnuRe3,
Try this below approach:
Set a custom property at folder/jcr:content
, e.g., visibility=approved
.
In your permission setup, add an allow rule that checks this property (jcr:content/visibility=approved
).
Important: You must configure your CUG (Closed User Group) or Permission Management Tool to recognize that for folders, the condition check happens at jcr:content
.
Eg.
Suppose you have the folder structure:
/content/dam/marketing/folder1 (sling:Folder)
/content/dam/marketing/folder1/jcr:content (nt:unstructured)
You add this property at jcr:content:
visibility = "approved"
Then your permission rules should:
Deny all sling:Folder
nodes.
Allow if jcr:content/visibility == "approved"
.
Hope that helps!
we are using netcentric tool for permissions.
I couldn't find an attribute / condition that takes in a node property value for checking the status.
Are you aware of any such rule condition in netcentric that I can use to achieve property-based condition?
If netcentric doesn't allow these types of rules, then is there any other way to achieve the filter?
Views
Replies
Total Likes
Hi @VishnuRe3,
Yeah, Netcentric ACL Tool doesn't support conditional rule evaluation based on node properties like jcr:content/visibility
. It's limited to path- and node-type-based rules.
If metadata-based filtering is critical for folders, here are a few approaches that come to mind at the moment:
Restructuring the DAM folder hierarchy so that permission is tied to location (e.g., /approved
, /unapproved
)
Or using a custom solution outside Netcentric ACL - such as manual policy injection or UI-based filtering (though not secure for enforcement).
Hi, @SantoshSai
could you explain more on how to set Allow if jcr:content/visibility == "approved". I'm trying to implement it but in de ACL the restrictions all start with rep:<something> and I don't know if I'm in the wrong place.
My requirement is that I have folder of products with some CF inside and for the CF only metadata driven permissions work like a charm but now I need to organize folders under products because one product can have more than one CF and other subfolders. Ad if I have products/producA, products/broductB and products/productC and than I have userX and userY. Lets say that userX see the productA and productC and userY see the productB and productC. Mor than that if one of them creates new product he should see that new product and haw a possibility to extend that product to the other user.
With metadata it was super easy but I don't see it working for folders with metadata schema 😞
Can someone explain if I'm doing something wrong or it is not implemented for folders?
Views
Replies
Total Likes
@VishnuRe3 Did you find the suggestion helpful? If you need more information, please let us know. If a response resolved your issue, kindly mark it as correct to help others in the future. Alternatively, if you discovered a solution on your own, we'd appreciate it if you could share it with the community. Thank you.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies