Adobe Experience Manager Sites & More

Prashardan · 5/20/24

Hi Team

I have created two new groups using the below script. but unable assign permissions.

create group group1 with path /home/groups/project
add group1 to group dam-users
set properties on authorizable(group1)/profile
set givenName{String} to "Project Group1"
set aboutMe{String} to "The members of this group are allowed to create, updated and delete"
end

create group group2 with path /home/groups/project
add group2 to group dam-users
set properties on authorizable(group2)/profile
set givenName{String} to "Project Group2"
set aboutMe{String} to "The members of this group are read and replicate"
end

Group1 should create, edit and delete however they should not have right to replicate content under path /content/dam/project

Group2 should only read and replicate content under path /content/dam/project

Please help

Raja_Reddy · 5/20/24

Hi @Prashardan
you can use the setACL command in the script

setACL on /content/dam/project for group group1
allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode
deny jcr:read, rep:replicate
end

setACL on /content/dam/project for group group2
allow jcr:read, rep:replicate
end

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-user...
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-...

View solution in original post

aanchal-sikka · 5/20/24

@Prashardan

Grp1: Extend from dam-users and use rep:glob to deny replicate

general Recommendations shared on: https://techrevel.blog/2024/03/04/aem-user-permissions-tips-for-effortless-control/

Grp2: Extend from contributors and then provide replicate permission

Aanchal Sikka

Raja_Reddy · 5/20/24

Hi @Prashardan
you can use the setACL command in the script

setACL on /content/dam/project for group group1
allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode
deny jcr:read, rep:replicate
end

setACL on /content/dam/project for group group2
allow jcr:read, rep:replicate
end

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-user...
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-...

Adobe Experience Manager Sites & More

Repository Initialization: How to set deny and allow permission for groups

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe