Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.
SOLVED

Repository Initialization: How to set deny and allow permission for groups

Avatar

Level 4
Level 4
5/20/24 5:47:04 AM

Hi Team

 

I have created two new groups using the below script. but unable assign permissions.

 

create group group1 with path /home/groups/project
add group1 to group dam-users
set properties on authorizable(group1)/profile
set givenName{String} to "Project Group1"
set aboutMe{String} to "The members of this group are allowed to create, updated and delete"
end

 

create group group2 with path /home/groups/project
add group2 to group dam-users
set properties on authorizable(group2)/profile
set givenName{String} to "Project Group2"
set aboutMe{String} to "The members of this group are read and replicate"
end

 

Group1 should create, edit and delete however they should not have right to replicate content under path /content/dam/project

 

Group2 should only read and replicate content under path /content/dam/project

 

Please help

 

 

Views

217

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
5/20/24 7:39:33 AM

Hi @Prashardan 
you can use the setACL command in the script

 

setACL on /content/dam/project for group group1
allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode
deny jcr:read, rep:replicate
end

setACL on /content/dam/project for group group2
allow jcr:read, rep:replicate
end

 

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-user... 
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-... 

 



View solution in original post

Views

180

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Community Advisor
Community Advisor
5/20/24 7:39:16 AM

@Prashardan 

 

Grp1: Extend from dam-users and  use rep:glob to deny replicate

general Recommendations shared on: https://techrevel.blog/2024/03/04/aem-user-permissions-tips-for-effortless-control/

 

Grp2: Extend from contributors and then provide replicate permission 

Aanchal Sikka

Views

181

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
5/20/24 7:39:33 AM

Hi @Prashardan 
you can use the setACL command in the script

 

setACL on /content/dam/project for group group1
allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode
deny jcr:read, rep:replicate
end

setACL on /content/dam/project for group group2
allow jcr:read, rep:replicate
end

 

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-user... 
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-... 

 



Views

181

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Is it still required to decrypt the osgi configuration properties? Solved

Views

89

Likes

0

Replies

4
Need help to write traditional CI/CD pipeline for Adobe Experince Cloud Manager and Adobe Commerce Cloud Manager

Views

37

Likes

0

Replies

1
How to use different experience fragments in Live Copy Pages

Views

46

Likes

0

Replies

1
How we can populate document URL in AEM ?

Views

112

Like

1

Replies

3
Unable to adapt resource to my slingModel in test

Views

137

Likes

0

Replies

6