Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

How to use READ ACL, Edit ACL permissions in AEM?

Avatar

Avatar
Validate 25
Level 4
Kkkrish
Level 4

Likes

27 likes

Total Posts

107 posts

Correct Reply

1 solution
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile

Avatar
Validate 25
Level 4
Kkkrish
Level 4

Likes

27 likes

Total Posts

107 posts

Correct Reply

1 solution
Top badges earned
Validate 25
Validate 10
Validate 1
Boost 5
Boost 3
View profile
Kkkrish
Level 4

12-01-2017

On surfing internet blogs found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."

Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.

Can any one explain this with a good example.?

~KkKrish

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,131 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,131 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

12-01-2017

Hi 

Did you check the documentation[0] ?

[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html

                                 
ActionDescription
ReadThe user is allowed to read the page and any child pages.
Modify

The user can:

  • modify existing content on the page and on any child pages.
  • create new paragraphs on the page or on any child page.

At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.

Create

The user can:

  • create a new page or child page.

If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.

Delete

The user can:

  • delete existing paragraphs from the page or any child page.
  • delete a page or child page.

If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification.  This only applies to nodes defining a jcr:content child node.

Read ACLThe user can read the access control list of the page or child pages.
Edit ACLThe user can modify the access control list of the page or any child pages.
ReplicateThe user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.

I hope this will clear your doubt.

~kautuk

Answers (3)

Answers (3)

Avatar

Avatar
Level 1
georgeb58996772
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
View profile

Avatar
Level 1
georgeb58996772
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
View profile
georgeb58996772
Level 1

08-11-2018

Hi All,

I'm trying to create a Page Reviewer role for the legal team in my office.

I would like the to be able to read preview links and write annotations - but I don't want them editing the page.

What kind of access should I give them?

Please help!

Thanks

Avatar

Avatar
Level 1
nbmsas
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
View profile

Avatar
Level 1
nbmsas
Level 1

Likes

0 likes

Total Posts

1 post

Correct Reply

0 solutions
View profile
nbmsas
Level 1

21-04-2017

I would like clarification of the following sentence: If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification.  This only applies to nodes defining a jcr:content child node.

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,131 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,131 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

12-01-2017