How to use READ ACL, Edit ACL permissions in AEM?

Question

On surfing internet blogs found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."

Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.

Can any one explain this with a good example.?

~KkKrish

kautuk_sahni · Accepted Answer

HiDid you check the documentation[0] ?[0]https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html ActionDescriptionReadThe user is allowed to read the page and any child pages.ModifyThe user can:modify existing content on the page and on any child pages.create new paragraphs on the page or on any child page.At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.CreateThe user can:create a new page or child page.Ifmodifyis denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.DeleteThe user can:delete existing paragraphs from the page or any child page.delete a page or child page.Ifmodifyis denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node.Read ACLThe user can read the access control list of the page or child pages.Edit ACLThe user can modify the access control list of the page or any child pages.ReplicateThe user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.I hope this will clear your doubt.~kautuk

kautuk_sahni · Answer

Also have a look at this reference article :- https://docs.adobe.com/content/docs/en/spec/jsr170/javadocs/jcr-2.0/javax/jcr/security/Privilege.html#JCR_MODIFY_ACCESS_CONTROL~kautuk

Action	Description
Read	The user is allowed to read the page and any child pages.
Modify	The user can: modify existing content on the page and on any child pages. create new paragraphs on the page or on any child page. At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.
Create	The user can: create a new page or child page. If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.
Delete	The user can: delete existing paragraphs from the page or any child page. delete a page or child page. If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node.
Read ACL	The user can read the access control list of the page or child pages.
Edit ACL	The user can modify the access control list of the page or any child pages.
Replicate	The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded