Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Node with deny permission editable by users on administrators group - AEM 6.5

abcr1
Level 2
Level 2

Hi community!

 

I have a node on CRX with rep:policy deny jcr:write to everyone, I have modified permission programatically because I need to activate / deactivate permissions according to  property, but users on administrators group can modify node. Why?? Any suggestion?  I am working with AEM 6.5  Thanks.

1 Accepted Solution
ramgopalm545617
Correct answer by
Level 4
Level 4

It all depends on the order of the ACLs in aem, go to crx de and check the access control in the right side panel. 

Try rearranging the order of the rules, you can drag the ACLs in the list, the last rule will take precedence. 

View solution in original post

3 Replies
SureshDhulipudi
Community Advisor
Community Advisor

by default administrators group has full control - the precedence is deny first and then allow, as the admin group has full access, the users on admin group will get automatically all access including modify.

You can try create a custom admin group and add those users, then provide necessary access.

ramgopalm545617
Correct answer by
Level 4
Level 4

It all depends on the order of the ACLs in aem, go to crx de and check the access control in the right side panel. 

Try rearranging the order of the rules, you can drag the ACLs in the list, the last rule will take precedence. 

View solution in original post