Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

Reg user permissions best practice and guidance


Level 3


MY use case is as below:


- Site 1

--- en_us

--- jp_jp

- Site 2

--- en_ca

--- es_sp

In this senario, I have users and groups to the language site level and the I cannot allow users from one language to view/edit another language assets. What is the best way to implement this. I observe that on Useradmin=> permissions tab If I deny parent level I cannot allow at the child level, so daycare has suggested me to create the Local ACL policies as follows

Content level(1):

all_authors - jcr:read deny rep:glob:/*

all_authors - jcr:read allow rep:glob :/jcr:content

all_authors - jcr:read allow rep:glob:/site1, /site2

Site 1 level (2):

site1_authors - same as above.

en_us level (3):

site_en_us_authors: In useradmin => permissions tab check read write etc using UI.

Some how this does not seems to be right process. Do we have any recommendation from community. Please please donot refer me to the user adminstration doc where they talk only theory but not a practicle scenario like the above. If anybody has implemented this, please share. 

1 Reply


Level 10

Having said that - we will get internal Adobe ppl to look too at this.