Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to use READ ACL, Edit ACL permissions in AEM?

Avatar

Level 5

On surfing internet blogs found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."

Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.

Can any one explain this with a good example.?

~KkKrish

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi 

Did you check the documentation[0] ?

[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html

                                 
ActionDescription
ReadThe user is allowed to read the page and any child pages.
Modify

The user can:

  • modify existing content on the page and on any child pages.
  • create new paragraphs on the page or on any child page.

At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.

Create

The user can:

  • create a new page or child page.

If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.

Delete

The user can:

  • delete existing paragraphs from the page or any child page.
  • delete a page or child page.

If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification.  This only applies to nodes defining a jcr:content child node.

Read ACLThe user can read the access control list of the page or child pages.
Edit ACLThe user can modify the access control list of the page or any child pages.
ReplicateThe user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.

I hope this will clear your doubt.

~kautuk

View solution in original post

4 Replies

Avatar

Correct answer by
Administrator

Hi 

Did you check the documentation[0] ?

[0] https://docs.adobe.com/docs/en/aem/6-2/administer/security/security.html

                                 
ActionDescription
ReadThe user is allowed to read the page and any child pages.
Modify

The user can:

  • modify existing content on the page and on any child pages.
  • create new paragraphs on the page or on any child page.

At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.

Create

The user can:

  • create a new page or child page.

If modify is denied the subtrees below jcr:content are specifically excluded because the creation of jcr:content and its child nodes are considered a page modification. This only applies to nodes defining a jcr:content child node.

Delete

The user can:

  • delete existing paragraphs from the page or any child page.
  • delete a page or child page.

If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification.  This only applies to nodes defining a jcr:content child node.

Read ACLThe user can read the access control list of the page or child pages.
Edit ACLThe user can modify the access control list of the page or any child pages.
ReplicateThe user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.

I hope this will clear your doubt.

~kautuk

Avatar

Level 1

I would like clarification of the following sentence: If modify is denied any subtrees below jcr:content are specifically excluded as removing jcr:content and its child nodes is considered a page modification.  This only applies to nodes defining a jcr:content child node.

Avatar

Level 1

Hi All,

I'm trying to create a Page Reviewer role for the legal team in my office.

I would like the to be able to read preview links and write annotations - but I don't want them editing the page.

What kind of access should I give them?

Please help!

Thanks