Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Managing permissions on DAM

Avatar

Avatar
Boost 1
Level 1
santhiswaroopg
Level 1

Like

1 like

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Boost 1
View profile

Avatar
Boost 1
Level 1
santhiswaroopg
Level 1

Like

1 like

Total Posts

5 posts

Correct Reply

0 solutions
Top badges earned
Boost 1
View profile
santhiswaroopg
Level 1

06-04-2021

What is the recommended way to manage permissions on DAM folders?

 

I see that users can create private folders in DAM and can assign users/groups from the permissions of the folder. Is this a good option to go with.

 

I understand that permissions should be pre defined by dev teams with inputs from business on folders and only admin can set them at a group level from user admin console.

 

Would there be any issues with governance when we give users free hand to assign users to folders.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 100
Employee
markus_bulla_adobe
Employee

Likes

101 likes

Total Posts

86 posts

Correct Reply

43 solutions
Top badges earned
Boost 100
Applaud 25
Affirm 25
Boost 50
Boost 25
View profile

Avatar
Boost 100
Employee
markus_bulla_adobe
Employee

Likes

101 likes

Total Posts

86 posts

Correct Reply

43 solutions
Top badges earned
Boost 100
Applaud 25
Affirm 25
Boost 50
Boost 25
View profile
markus_bulla_adobe
Employee

07-04-2021

When it comes to permission management there are two separate areas to look at:

 

  1. General permission setup for all users, groups and tenants/markets/etc.
    This should be a predefined hierarchy that is designed by your project-specific authorization matrix, implemented by your development team and rolled-out through your regular deployment process to create groups and assign ACLs. I recommend to leverage the Netcentric ACL Tool [1] for this.
  2. The "Private Folder" feature auf AEM Assets
    This is a different use case where regular AEM users (content authors) can create protected folders and authorize other users to access these private folders. See [2] for a documentation of this feature. In this case AEM will take care of creating groups and setting permissions on a lower (CRX) level when the content author adds users for collaboration to his private folder. AEM will also delete the according groups once access is revoked or the folder is deleted.

While 1 is the basis for your projects overall authorization concept, 2 is a collaboration feature of AEM Assets that sits on top of 1.

 

[1] https://github.com/Netcentric/accesscontroltool

[2] https://experienceleague.adobe.com/docs/experience-manager-65/assets/managing/private-folder.html

Answers (1)

Answers (1)

Avatar

Avatar
Coach
MVP
Arun_Patidar
MVP

Likes

1,345 likes

Total Posts

3,220 posts

Correct Reply

914 solutions
Top badges earned
Coach
Contributor 2
Ignite 10
Give Back 700
Boost 1000
View profile

Avatar
Coach
MVP
Arun_Patidar
MVP

Likes

1,345 likes

Total Posts

3,220 posts

Correct Reply

914 solutions
Top badges earned
Coach
Contributor 2
Ignite 10
Give Back 700
Boost 1000
View profile
Arun_Patidar
MVP

06-04-2021

Yes, permission should be defined by business based on taxonomy and setup by developer.

If you let business people to handle this then it gonna be really difficult to manage after some point of time.