Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Question about groups and users

Avatar

Level 2

I have one questions that I haven't seen in the doc:

If you are a user anonymous (not logged in the system) I assume that you are member from the group anonymous and you can see all tha pages unrestricted under /content.

The question is, why when I log with a different user than admin/author users, I can't see any of the /content sites (Geometrix, my webs...etc)?

 

Regards

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

CUG is a mechanism, which let's you maintain permissions on publish system within the content on the authoring system. The CUG definitions and properties are translated into ACLs when they get replicated. So you are not supposed to change any ACLs manually on authoring, but you should rather have appropate CUG settings in place.

kind regards,
Jörg

View solution in original post

9 Replies

Avatar

Level 2

I've checked the permission into the useradmin page and the CUG is setted properly but the ACL tells me that I have not access because the group "groupAllowed" is member of everyone that hasn't have permissions into this page...

Regards

Avatar

Level 10

Hi,

Are you seeing this behavior in Author or Publish Instance?

Are you trying to see page in siteadmin?

Have you verify the access rights of user you are trying to use in User Admin section?

Thanks

Avatar

Level 2

Hi, I'm using the url directly:

 

localhost:4502/content/...

 

I've seen that is a problem only in the author. In the publish I have access but the cug validation I've put is not working although the user is on the right group.

 

Thank you!

Avatar

Level 10

As far as I am aware, anonymous user cannot access anything in Author instance [ Screenshot ]. A user has to supply credentials in order to login.

But In publish its not the same, anonymous access is allowed in publish instance

Avatar

Level 2

Yes, you are true. I've been making a mistake with the groups assignment.

 

Thank you

Avatar

Level 2

Thanks edubey, but one question:

If I'm using cug (cug:Principals etc) in order to forbid the access to a /content/site/page for all the users except one group ex: powerfulGroup.

May I enable the ACL for that page? Or by default if I haven't access for my group (powerfulGroup) , but I'm enabled by the Cug functionality, I will entry into the page. Because that is happening to me. 

I can't enter with a user from the group (powerfulGroup) that I assigned in the cug, but I can use the admin user (who is part of administrators that is an exception for the cug) to enter into the page...

I've verified in http://localhost:4503/system/console/cug that the group appears correctly set.

(I'm on AEM 6)

Avatar

Correct answer by
Employee Advisor

CUG is a mechanism, which let's you maintain permissions on publish system within the content on the authoring system. The CUG definitions and properties are translated into ACLs when they get replicated. So you are not supposed to change any ACLs manually on authoring, but you should rather have appropate CUG settings in place.

kind regards,
Jörg

Avatar

Level 2

I think it's working because It's making the redirection when I enter the credentials correctly and are from the group, but unfortunately It shows me that the page cannot be found.

The config for that page is:

<jcr:content
        cq:template="/apps/...."
        jcr:primaryType="cq:PageContent"
        jcr:title="...."
        sling:resourceType="...."
        cq:cugEnabled="true"
        cq:cugLoginPage="......./login.html"
        cq:cugPrincipals="groupAllowed"
        />