Adobe Experience Manager is designed to cater for content authoring of multiple sites by multiple content authors. Naturally, this process needs to be governed by strict Access Control Lists (ACLs) to manage who is allowed to do what at any given time. In this post, I’ll cover various approaches to managing authorizables and ACLs in AEM, which should help you make a more informed decision when picking a permissions management strategy for your next project.
Basics of Roles and Permissions
Before we get started, we need to cover some basic terminology of permissions management in AEM. Throughout this post, I will refer to Users, Groups, Authorizables and Permissions quite a lot, so let’s make sure we’re all on the same page.
A user is a unique account that is used to log in to the system and holds basic details such as name, password, email, etc. They may be part of multiple groups and can also hold their own privileges (although that’s not recommended).
A group is a collection of users whose primary purpose is to apply access rights to those users based on a particular role. AEM comes with a set of out-of-the-box groups, but the suggested approach is to create groups that fit a given organisation’s content authoring processes.
Permissions are used to identify who is allowed to do what on a given resource and are the result of evaluating Access Control Lists.