SOLVED

Managing permissions on DAM

Level 1

What is the recommended way to manage permissions on DAM folders?

I see that users can create private folders in DAM and can assign users/groups from the permissions of the folder. Is this a good option to go with?

I understand that permissions should be predefined by dev teams with inputs from business on folders, and only an admin can set them at a group level from the user admin console.

Would there be any issues with governance when we give users a free hand to assign users to folders?

1 Accepted Solution

Correct answer by
Employee Advisor

When it comes to permission management, there are two separate areas to look at:

  1. General permission setup for all users, groups and tenants/markets/etc.
    This should be a predefined hierarchy that is designed by your project-specific authorization matrix, implemented by your development team and rolled out through your regular deployment process to create groups and assign ACLs. I recommend leveraging the Netcentric ACL Tool [1] for this.
  2. The "Private Folder" feature of AEM Assets
    This is a different use case where regular AEM users (content authors) can create protected folders and authorize other users to access these private folders. See [2] for the documentation of this feature. In this case AEM will take care of creating groups and setting permissions on a lower (CRX) level when the content author adds users for collaboration to his private folder. AEM will also delete the corresponding groups once access is revoked or the folder is deleted.

While 1 is the basis for your project's overall authorization concept, 2 is a collaboration feature of AEM Assets that sits on top of 1.

[1] https://github.com/Netcentric/accesscontroltool

[2] https://experienceleague.adobe.com/docs/experience-manager-65/assets/managing/private-folder.html
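
A sketch of area 1 from the accepted answer, written as configuration for the Netcentric AC Tool [1]. It is added here as an example and is not taken from the original post or from any real project. The group IDs, group names, paths and the two-market layout are hypothetical.

```yaml
# Added example. All group IDs, names and paths below are hypothetical.
- group_config:

    # Base group: every DAM user belongs to it, directly or via a market group.
    - dam-readers:
        - name: DAM Readers
          isMemberOf:
          path: /home/groups/example-project

    # One editor group per market, inheriting read access from the base group.
    - dam-market-de-editors:
        - name: DAM Market DE Editors
          isMemberOf: dam-readers
          path: /home/groups/example-project

    - dam-market-fr-editors:
        - name: DAM Market FR Editors
          isMemberOf: dam-readers
          path: /home/groups/example-project

- ace_config:

    # Read-only on the whole DAM tree.
    - dam-readers:
        - path: /content/dam
          permission: allow
          actions: read

    # Write access only inside the group's own market folder.
    - dam-market-de-editors:
        - path: /content/dam/market-de
          permission: allow
          actions: read,modify,create,delete

    - dam-market-fr-editors:
        - path: /content/dam/market-fr
          permission: allow
          actions: read,modify,create,delete
```

Kept in the deployment package, a file like this puts group and ACL changes through the same review and release process as code, with private folders adding ad-hoc sharing on top of that baseline.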

6 Replies

Community Advisor

Yes, permissions should be defined by business based on taxonomy and set up by a developer.

If you let business people handle this, then it is going to be really difficult to manage after some point in time.



Arun Patidar

Level 1
Thanks for the suggestion. Can you let me know what specific difficulties you foresee if business handles permissions?

Community Advisor
For example, later you may need to change the permissions of those folders (adding/removing users), modify privileges, or do reporting. Everything would be difficult if the number of those private folders increases over time. There may be chances of rights conflicts due to role and direct rights on the folders.


Arun Patidar


My business wanted to use the concept of private folders on DAM, which has a potential to grow to terabytes of content. My question is: is this encouraged or not? Do we face issues with governance and maintenance going forward?

Employee Advisor
While technically the size of a private folder or the number of assets inside that folder is not an issue in itself, this sounds a bit like trying to skip step 1 from my initial answer. The concept of private folders provides an agile ad-hoc collaboration workflow. If you are trying to establish a standard workflow for your organization, then a properly designed and implemented workflow backed by an authorization concept is the right way to go.