Node with deny permission editable by users on administrators group - AEM 6.5

Avatar

Avatar
Ignite 1
Level 2
abcr1
Level 2

Likes

3 likes

Total Posts

27 posts

Correct reply

0 solutions
Top badges earned
Ignite 1
Give Back 5
Give Back 3
Give Back
Boost 3
View profile

Avatar
Ignite 1
Level 2
abcr1
Level 2

Likes

3 likes

Total Posts

27 posts

Correct reply

0 solutions
Top badges earned
Ignite 1
Give Back 5
Give Back 3
Give Back
Boost 3
View profile
abcr1
Level 2

06-11-2020

Hi community!

 

I have a node on CRX with rep:policy deny jcr:write to everyone, I have modified permission programatically because I need to activate / deactivate permissions according to  property, but users on administrators group can modify node. Why?? Any suggestion?  I am working with AEM 6.5  Thanks.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
Level 3
ramgopalm545617
Level 3

Likes

8 likes

Total Posts

80 posts

Correct reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 1
Give Back 5
View profile

Avatar
Validate 1
Level 3
ramgopalm545617
Level 3

Likes

8 likes

Total Posts

80 posts

Correct reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 1
Give Back 5
View profile
ramgopalm545617
Level 3

08-11-2020

It all depends on the order of the ACLs in aem, go to crx de and check the access control in the right side panel. 

Try rearranging the order of the rules, you can drag the ACLs in the list, the last rule will take precedence. 

Answers (1)

Answers (1)

Avatar

Avatar
Ignite 1
MVP
SureshDhulipudi
MVP

Likes

163 likes

Total Posts

174 posts

Correct reply

49 solutions
Top badges earned
Ignite 1
Give Back 5
Give Back 3
Give Back 10
Give Back
View profile

Avatar
Ignite 1
MVP
SureshDhulipudi
MVP

Likes

163 likes

Total Posts

174 posts

Correct reply

49 solutions
Top badges earned
Ignite 1
Give Back 5
Give Back 3
Give Back 10
Give Back
View profile
SureshDhulipudi
MVP

06-11-2020

by default administrators group has full control - the precedence is deny first and then allow, as the admin group has full access, the users on admin group will get automatically all access including modify.

You can try create a custom admin group and add those users, then provide necessary access.