Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Remove replicate permission for administrators - AEM 6.4

Avatar

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile
skmAem
Level 2

01-06-2020

Hello AEM Gurus,

 

We have a requirement to prevent everyone (including administrators) from replicating assets from a certain path under /content/dam. I have removed replicate permission for this path (eg /content/dam/testfldr) for all of the groups including the administrators group. But users in this administrators group are still able to replicate the assets under this path. When I see the permissions for administrators in useradmin for /content/dam/testfldr path, it has a *! markup next to the Replicate checkbox. When I hover over that checkbox, it says "Noneffective administrators (deny)" in a modal popup.

 

Is it possible to prevent administrators from replicating assets from certain paths? If setting permission through useradmin is not possible, is there an alternative way to achieve this?

 

Appreciate any help/pointers on this.

-SKM

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Springboard
MVP
Shashi_Mulugu
MVP

Likes

224 likes

Total Posts

283 posts

Correct Reply

65 solutions
Top badges earned
Springboard
Bedrock
Validate 1
Applaud 100
Establish
View profile

Avatar
Springboard
MVP
Shashi_Mulugu
MVP

Likes

224 likes

Total Posts

283 posts

Correct Reply

65 solutions
Top badges earned
Springboard
Bedrock
Validate 1
Applaud 100
Establish
View profile
Shashi_Mulugu
MVP

02-06-2020

To guide you better, try not to use OOTB administrators group instead create your own client/project specific admin groups upon which you control permissions to each subtree and add people to it. Try to restrict to only add system admins to OOTB group for system maintenance.

Answers (4)

Answers (4)

Avatar

Avatar
Validate 1
MVP
ArpitVarshney
MVP

Likes

136 likes

Total Posts

185 posts

Correct Reply

36 solutions
Top badges earned
Validate 1
Establish
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Validate 1
MVP
ArpitVarshney
MVP

Likes

136 likes

Total Posts

185 posts

Correct Reply

36 solutions
Top badges earned
Validate 1
Establish
Give Back 5
Give Back 3
Give Back 25
View profile
ArpitVarshney
MVP

02-06-2020

Hi @skmAem 

 

I'm not sure but you can't change admin permission in AEM. If you try to do so, it will revert back to default again.

The role of admin to control and manage everything so restricting it for any action won't make any sense.

 

Regards,

Arpit Varshney

Avatar

Avatar
Contributor
Employee
hamidk92094312
Employee

Likes

102 likes

Total Posts

240 posts

Correct Reply

38 solutions
Top badges earned
Contributor
Shape 1
Ignite 1
Give Back 50
Give Back 5
View profile

Avatar
Contributor
Employee
hamidk92094312
Employee

Likes

102 likes

Total Posts

240 posts

Correct Reply

38 solutions
Top badges earned
Contributor
Shape 1
Ignite 1
Give Back 50
Give Back 5
View profile
hamidk92094312
Employee

01-06-2020

Can you verify if can do it via ACLs for individual path in crx/de ?

Screen Shot 2020-06-01 at 9.56.13 PM.png

Avatar

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile
skmAem
Level 2

02-06-2020

@hamidk92094312 

When I denied the replicate permission through useradmin, i can see that the deny for crx:replicate action for administrators group in crxde access control tab. Pls see the screenshot. But it still allows a user in the administrators group to replicate assets.Screen Shot 2020-06-02 at 9.58.01 AM.png

 

@Shashi_Mulugu  & @ArpitVarshney , I agree that we should have followed the setup as you mentioned, but unfortunately I recently joined this project and they already have several power users added under administrators group for some reason. How do I work around it? 

 

On this document: https://docs.adobe.com/content/help/en/experience-manager-64/administering/security/security.html they say you set "deny-everyone" on a node, administrators will have to be enabled explicitly to get them the access, what do they mean by "deny-everyone"? Pls see screenshot below:Screen Shot 2020-06-02 at 10.09.16 AM.png

Thanks everyone for your inputs!

-Shridev

Avatar

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile

Avatar
Validate 1
Level 2
skmAem
Level 2

Likes

14 likes

Total Posts

34 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 5
Boost 3
View profile
skmAem
Level 2

02-06-2020

If it is not possible to prevent replication through permissions, is it possible to prevent it through touch ui/granite for everyone for a specific folder in dam? Any suggestions for this approach?