Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

"Modify" permission not inherited from folder to asset

volkers57834491
Level 1
Level 1

Hi,

we want users of a specific group to be able to upload, modify and replicate assets in a specific folder in the DAM, but they shall not be able to delete assets from the folder. Therefore we assigned "Read", "Modify", "Create" and "Replicate" permissions to the folder but omitted the "Delete" permission. Problem: When the user uploads an asset the "Modify" permission is not inherited from the folder to the asset, so that the user cannot edit the assets properties (e.g. the title), see screenshot. We always have to assign the "Modify" permission manually to the asset afterwards (which is not an option). If we assign "Modify" AND "Delete" permissions to the folder they are both inherited to the asset. My question: Why is the "Modify" permission not inherited and what can we do to achieve that without assign the "Delete" permission also? Any help is greatly appreciated.

Environment: CQ 5.6.1, SP 2

Thanks, Volker

1 Accepted Solution
Lokesh_Shivalingaiah
Correct answer by
Community Advisor
Community Advisor

It should inherit ! This looks like a bug to me. Please raise a day care ticket here

https://daycare.day.com/public/contact.html

View solution in original post

0 Replies
edubey
Level 10
Level 10

Hi, 

Are you able to replicate this permission issue in another environment? 

volkers57834491
Level 1
Level 1

Yes we have this issue on all our servers, local development servers as well as QA servers as well as production servers. It's also not a matter of a specific folder, the behaviour is the same for all folders.

edubey
Level 10
Level 10

We do faced similar issue where permission were not inherited properly however it was working fine once instance was restarted. I would recommend to raise a day care ticket for the same.

Lokesh_Shivalingaiah
Correct answer by
Community Advisor
Community Advisor

It should inherit ! This looks like a bug to me. Please raise a day care ticket here

https://daycare.day.com/public/contact.html

GK-AEM
Level 9
Level 9

Please set new CQ instance and create user and apply the same permissions and check it.

And also post the results.

Thanks,

Kishore

volkers57834491
Level 1
Level 1

Ok, I've set up a "naked" 5.6.1 GA instance without any hotfixes. The behaviour is the same. I then installed SP 2 over the GA release. This didn't change anything. I will raise a daycare ticket.

BR, Volker

volkers57834491
Level 1
Level 1
And here is the response from daycare: "The issue is due to the fact that Modify permissions is not inherited. Basically Read, Write are inherited but not modify. I did some research and I found that this is an expected behavior for CQ 5.x. It does not allow inherited modify if there is no delete permission (CQ5-34635). Just to let you know that this is not a case in AEM 6.0. The only possible workaround is to add delete; you can possibly grant an extra right to a dedicated user (image editor group)."
s_thurgood
Level 1
Level 1

This is also an issues in 6.2. We have a lot of assets in our company, and to manually go in and mark each asset for modify permissions is not a feasible workaround. And adding Delete permissions just to include modify opens up a lot of security / management problems. Why would this be expected behavior? I would assume that, as with the other permissions, if I check the modify box, that permission should be inherited all the way down the tree, including to the individual assets. Can this be fixed to perform in the same way that the other permissions perform?

Ashokkumar_TA
Level 2
Level 2

You can try to set permission with regex globbing pattern on the JCR node - on any node in the hierarchy.