SOLVED
How to use READ ACL, Edit ACL permissions in AEM?
On surfing internet blogs found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."
Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.
Can any one explain this with a good example.?
~KkKrish
1 Accepted Solution
Correct answer by
Hi
Did you check the documentation[0] ?
[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html
| Action | Description |
| Read | The user is allowed to read the page and any child pages. |
| Modify | The user can:
At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset. |
| Create | The user can:
If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node. |
| Delete | The user can:
If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node. |
| Read ACL | The user can read the access control list of the page or child pages. |
| Edit ACL | The user can modify the access control list of the page or any child pages. |
| Replicate | The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages. |
I hope this will clear your doubt.
~kautuk
Kautuk Sahni
Correct answer by
Hi
Did you check the documentation[0] ?
[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html
| Action | Description |
| Read | The user is allowed to read the page and any child pages. |
| Modify | The user can:
At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset. |
| Create | The user can:
If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node. |
| Delete | The user can:
If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node. |
| Read ACL | The user can read the access control list of the page or child pages. |
| Edit ACL | The user can modify the access control list of the page or any child pages. |
| Replicate | The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages. |
I hope this will clear your doubt.
~kautuk
Kautuk Sahni
Also have a look at this reference article :- https://docs.adobe.com/content/docs/en/spec/jsr170/javadocs/jcr-2.0/javax/jcr/security/Privilege.htm...
~kautuk
Kautuk Sahni
