SOLVED

Repository Initialization: How to set deny and allow permission for groups

Hi Team

 

I have created two new groups using the below script, but I am unable to assign permissions.

 

create group group1 with path /home/groups/project
add group1 to group dam-users
set properties on authorizable(group1)/profile
set givenName{String} to "Project Group1"
set aboutMe{String} to "The members of this group are allowed to create, updated and delete"
end

 

create group group2 with path /home/groups/project
add group2 to group dam-users
set properties on authorizable(group2)/profile
set givenName{String} to "Project Group2"
set aboutMe{String} to "The members of this group are read and replicate"
end

 

Group1 should create, edit and delete; however, they should not have the right to replicate content under path /content/dam/project

 

Group2 should only read and replicate content under path /content/dam/project

 

Please help

 

 

1 Accepted Solution

Correct answer by
Community Advisor

Hi @Prashardan 
you can use the setACL command in the script

 

# ACL entries for group1 on /content/dam/project
set ACL for group1
    allow jcr:read, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode on /content/dam/project
    deny jcr:read, rep:replicate on /content/dam/project
end

# ACL entries for group2 on /content/dam/project
set ACL for group2
    allow jcr:read, rep:replicate on /content/dam/project
end

 

This script sets the ACL (Access Control List) for each group on the specified path /content/dam/project.

For group1, it allows permissions for jcr:read, jcr:modifyProperties, jcr:removeChildNodes, and jcr:removeNode, but denies jcr:read and rep:replicate permissions.

For group2, it allows permissions for jcr:read and rep:replicate.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/accessing/aem-user... 
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/aem-user-management-... 
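
The requirement from the question written out in repoinit's `set ACL for <principal>` form, as an added example that is not part of the original answer. It uses crx:replicate (the replication privilege AEM registers) and assumes that group2 remains a member of dam-users, so write privileges inherited from that group are denied on the subtree.

```repoinit
# Added example, not the poster's script.
# group1, group2 and /content/dam/project come from the question.
# The path must already exist when repoinit runs.

# group1: read, create, edit and delete, but no replication.
# jcr:addChildNodes and jcr:nodeTypeManagement cover "create".
# jcr:read is only allowed: a deny of jcr:read placed after the allow
# would take precedence and remove read access again.
set ACL for group1
    allow jcr:read, jcr:modifyProperties, jcr:addChildNodes, jcr:removeChildNodes, jcr:removeNode, jcr:nodeTypeManagement on /content/dam/project
    deny crx:replicate on /content/dam/project
end

# group2: read and replicate only.
# Assumption: group2 is still a member of dam-users, so any write
# privileges inherited from that group are denied on this subtree.
set ACL for group2
    allow jcr:read, crx:replicate on /content/dam/project
    deny rep:write on /content/dam/project
end
```

After deployment, check the resulting entries on /content/dam/project with a test user from each group before relying on them.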

 



2 Replies

Community Advisor

@Prashardan 

 

Grp1: Extend from dam-users and use rep:glob to deny replicate

General recommendations shared on: https://techrevel.blog/2024/03/04/aem-user-permissions-tips-for-effortless-control/

 

Grp2: Extend from contributors and then provide replicate permission 


Aanchal Sikka
