Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Is there a way to give permission to certain users/groups to create users but only under certain groups?

Avatar

Level 7
Level 7
10/15/15 7:27:02 PM

Hi,

Is there a way to allow a user/group create new users but only under certain groups?

Thanks in advance.

Views

411

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 3
Level 3
10/15/15 7:27:02 PM

Hi,

This can be done by denying the permissions modify/write permission for the groups where the user/group is not allowed to create users and allowing these permissions only for the group(s) path where it is allowed to create users.

E.g. If a user/group is allowed to create users only under group -/home/groups/c/custom-group

  1. Deny - Modify, Create, Delete permissions under the path -/home/groups. (Keep Read permission)
  2. Allow - Read, Modify, Create, Delete permissions under the path -/home/groups/c/custom-group

By doing this the user would not be able modify members in other groups.

However there is slight issue on the front-end. When the user tries to add other groups to the created user, on the front-end it does not gives any error and it looks as if the group is successfully added for user. However, when the page is refreshed, the other groups are not really added for the user.

So it works actually, but it gives a wrong impression that it is not working. :)

Will try to post an update if I get chance to dig deeper and find out why it's not showing error.

Hope it helps.

Regards.

Vatsal

View solution in original post

Views

376

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Level 3
Level 3
10/15/15 7:27:02 PM

Hi,

This can be done by denying the permissions modify/write permission for the groups where the user/group is not allowed to create users and allowing these permissions only for the group(s) path where it is allowed to create users.

E.g. If a user/group is allowed to create users only under group -/home/groups/c/custom-group

  1. Deny - Modify, Create, Delete permissions under the path -/home/groups. (Keep Read permission)
  2. Allow - Read, Modify, Create, Delete permissions under the path -/home/groups/c/custom-group

By doing this the user would not be able modify members in other groups.

However there is slight issue on the front-end. When the user tries to add other groups to the created user, on the front-end it does not gives any error and it looks as if the group is successfully added for user. However, when the page is refreshed, the other groups are not really added for the user.

So it works actually, but it gives a wrong impression that it is not working. :)

Will try to post an update if I get chance to dig deeper and find out why it's not showing error.

Hope it helps.

Regards.

Vatsal

Views

377

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Not able to use credentials for login after installing AEM service pack 9 for 6.5 Solved

Views

154

Likes

0

Replies

3
what is the best alternative RequestResponseFactory as its deprecated

Views

94

Likes

0

Replies

4
How to restrict anonymous access /crx/explorer/ui/search.jsp

Views

78

Likes

0

Replies

4
how to write junit for the below code

Views

112

Likes

0

Replies

3
Unable to render url or html content as page via sightly

Views

117

Likes

0

Replies

5