Expand my Community achievements bar.

Adobe Summit 2025: AEM Session Recordings Are Live! Missed a session or want to revisit your favorites? Watch the latest recordings now.
Watch Now!

How to use folder level properties for permissions ACL in DAM

Avatar

Level 1
Level 1
4/25/25 4:15:02 AM

trying to use Metadata based permissions for show/hide assets

 

Metadata-Driven Permissions in AEM Assets | Adobe Experience Manager

 

this is working fine for assets 

deny all assets using rep:ntNames="dam:Asset"

and then allowing based on metadata property status="Approved "

 
 
 

VishnuRe3_3-1745579223796.png

 

VishnuRe3_4-1745579344460.png

 

Now I am trying to do similar for a folder,

i.e. I am hiding all folders based on rep:ntNames="sling:Folder"

 

VishnuRe3_5-1745579460961.png

 

now how to allow specific folders under this folder based on a property value at folder level or at jcr:content level??

 

Please advice 

 

Thank you very much 

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Experience Manager as a Cloud Service Experience Manager Assets Experience Manager Sites

Views

285

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Community Advisor
Community Advisor
4/25/25 9:01:26 AM

Hi @VishnuRe3,

Try this below approach:

  • Set a custom property at folder/jcr:content, e.g., visibility=approved.

  • In your permission setup, add an allow rule that checks this property (jcr:content/visibility=approved).

Important: You must configure your CUG (Closed User Group) or Permission Management Tool to recognize that for folders, the condition check happens at jcr:content.
Eg.

Suppose you have the folder structure:

/content/dam/marketing/folder1 (sling:Folder)
/content/dam/marketing/folder1/jcr:content (nt:unstructured)

You add this property at jcr:content:

visibility = "approved"

Then your permission rules should:

  1. Deny all sling:Folder nodes.

  2. Allow if jcr:content/visibility == "approved".

Hope that helps!


Santosh Sai

AEM BlogsLinkedIn


Views

240

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
4/29/25 8:40:53 PM
In response to SantoshSai

@SantoshSai 

 

we are using netcentric tool for permissions.

I couldn't find an attribute / condition that takes in a node property value for checking the status.

 

Are you aware of any such rule condition in netcentric that I can use to achieve property-based condition?

 

If netcentric doesn't allow these types of rules, then is there any other way to achieve the filter?

Views

151

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
4/29/25 9:22:59 PM
In response to VishnuRe3

Hi @VishnuRe3,

Yeah, Netcentric ACL Tool doesn't support conditional rule evaluation based on node properties like jcr:content/visibility. It's limited to path- and node-type-based rules.

If metadata-based filtering is critical for folders, here are a few approaches that come to mind at the moment:

  • Restructuring the DAM folder hierarchy so that permission is tied to location (e.g., /approved, /unapproved)

  • Or using a custom solution outside Netcentric ACL - such as manual policy injection or UI-based filtering (though not secure for enforcement).


Santosh Sai

AEM BlogsLinkedIn


Views

147

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to quickly set up dispatcher locally for AEM AMS using AEM Cloud SDK?

Views

24

Likes

0

Replies

1
ACL Permissions to be added or modified

Views

37

Likes

0

Replies

2
Retrieve AEM JMX console metrics programmatically and ship to CloudWatch service

Views

35

Likes

0

Replies

0
Extend WCM Core Teaser component - Customize Authoring Dialog to Add New Fields

Views

80

Likes

0

Replies

3
Double Slash (//) Issue in URLs Despite Applied Rewrite Rules

Views

79

Likes

0

Replies

2