We have a requirement to prevent everyone (including administrators) from replicating assets from a certain path under /content/dam. I have removed replicate permission for this path (eg /content/dam/testfldr) for all of the groups including the administrators group. But users in this administrators group are still able to replicate the assets under this path. When I see the permissions for administrators in useradmin for /content/dam/testfldr path, it has a *! markup next to the Replicate checkbox. When I hover over that checkbox, it says "Noneffective administrators (deny)" in a modal popup.
Is it possible to prevent administrators from replicating assets from certain paths? If setting permission through useradmin is not possible, is there an alternative way to achieve this?
To guide you better, try not to use OOTB administrators group instead create your own client/project specific admin groups upon which you control permissions to each subtree and add people to it. Try to restrict to only add system admins to OOTB group for system maintenance.
When I denied the replicate permission through useradmin, i can see that the deny for crx:replicate action for administrators group in crxde access control tab. Pls see the screenshot. But it still allows a user in the administrators group to replicate assets.
@shashi1223 & @arpitv27529355 , I agree that we should have followed the setup as you mentioned, but unfortunately I recently joined this project and they already have several power users added under administrators group for some reason. How do I work around it?