On surfing internet blogs found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."
Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.
Can any one explain this with a good example.?
~KkKrish
Solved! Go to Solution.
Views
Replies
Total Likes
Hi
Did you check the documentation[0] ?
[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html
Action | Description |
Read | The user is allowed to read the page and any child pages. |
Modify | The user can:
At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset. |
Create | The user can:
If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node. |
Delete | The user can:
If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node. |
Read ACL | The user can read the access control list of the page or child pages. |
Edit ACL | The user can modify the access control list of the page or any child pages. |
Replicate | The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages. |
I hope this will clear your doubt.
~kautuk
Hi
Did you check the documentation[0] ?
[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html
Action | Description |
Read | The user is allowed to read the page and any child pages. |
Modify | The user can:
At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset. |
Create | The user can:
If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node. |
Delete | The user can:
If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node. |
Read ACL | The user can read the access control list of the page or child pages. |
Edit ACL | The user can modify the access control list of the page or any child pages. |
Replicate | The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages. |
I hope this will clear your doubt.
~kautuk
Also have a look at this reference article :- https://docs.adobe.com/content/docs/en/spec/jsr170/javadocs/jcr-2.0/javax/jcr/security/Privilege.htm...
~kautuk
Views
Replies
Total Likes
I would like clarification of the following sentence: If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node.
Views
Replies
Total Likes
Hi All,
I'm trying to create a Page Reviewer role for the legal team in my office.
I would like the to be able to read preview links and write annotations - but I don't want them editing the page.
What kind of access should I give them?
Please help!
Thanks
Views
Replies
Total Likes