Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Restrict access for cloud manager users | AEMasCS

Avatar

Level 3

We are working on a multi-tenant solution in Aem as cloud service and need to provide Cloud Manager permissions for deployment, development, and integration-cloud services. However, we also need to restrict these users from accessing specific paths, such as /content/xyz and /apps/xyz. Can we achieve this in AEM as a Cloud Service?

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hey @georhe6 ,

I have created a blog article for what you have mentioned but for hiding /content/cq:tags, but can be replicated to /content/my-brand, you can find it here https://sourcedcode.com/blog/aem/aem-multi-tenant-website-restrict-cqtags-for-user-groups

 

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hey @georhe6 ,

I have created a blog article for what you have mentioned but for hiding /content/cq:tags, but can be replicated to /content/my-brand, you can find it here https://sourcedcode.com/blog/aem/aem-multi-tenant-website-restrict-cqtags-for-user-groups

 

Avatar

Level 7

@georhe6 , 

- create a user in the Adobe admin console for a specific product profile example stage author  and the created user would flow to the stage author instance 

- once the user in the stage author instance  restrict using OOTB WCM role and permission or add user to a user group created in stage author WCM instance control and apply restriction to group

Avatar

Employee

Regarding the question on restricting the users from accessing specific paths (assuming you need it on author instance), I can think of achieving it in the following way

  1. Create product profiles on admin console. These profiles will be synced to the author and appear as user groups
  2. On AEM author, create another set of user groups that map 1 to 1 to these product profile groups
  3. Assign the required path permissions to the user groups created AEM author (/content/xyz, /apps/xyz). For applying permissions on \apps, you will have to use repoinit scripts
  4. Now make product profile group a member of user group created on AEM

When a new user is added to a specific product profile in Admin Console, by virtue of the above group relationship, the user will automatically inherit the permissions defined in the user group created on AEM