Restrict access for cloud manager users | AEMasCS | Community
Skip to main content
G
georhe6
September 10, 2024
Solved

Restrict access for cloud manager users | AEMasCS

  • September 10, 2024
  • 3 replies
  • 852 views

We are working on a multi-tenant solution in Aem as cloud service and need to provide Cloud Manager permissions for deployment, development, and integration-cloud services. However, we also need to restrict these users from accessing specific paths, such as /content/xyz and /apps/xyz. Can we achieve this in AEM as a Cloud Service?

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by BrianKasingli

Hey @georhe6 ,

I have created a blog article for what you have mentioned but for hiding /content/cq:tags, but can be replicated to /content/my-brand, you can find it here https://sourcedcode.com/blog/aem/aem-multi-tenant-website-restrict-cqtags-for-user-groups

 

3 replies

BrianKasingli
Community Advisor and Adobe Champion
BrianKasingliCommunity Advisor and Adobe ChampionAccepted solution
Community Advisor and Adobe Champion
September 10, 2024

Hey @georhe6 ,

I have created a blog article for what you have mentioned but for hiding /content/cq:tags, but can be replicated to /content/my-brand, you can find it here https://sourcedcode.com/blog/aem/aem-multi-tenant-website-restrict-cqtags-for-user-groups

 

    RiteshY18
    Community Advisor
    RiteshY18Community Advisor
    Community Advisor
    September 11, 2024

    @georhe6 , 

    - create a user in the Adobe admin console for a specific product profile example stage author  and the created user would flow to the stage author instance 

    - once the user in the stage author instance  restrict using OOTB WCM role and permission or add user to a user group created in stage author WCM instance control and apply restriction to group

      M
      Adobe Employee
      MadhuGubbyAdobe Employee
      Adobe Employee
      September 11, 2024

      Regarding the question on restricting the users from accessing specific paths (assuming you need it on author instance), I can think of achieving it in the following way

      1. Create product profiles on admin console. These profiles will be synced to the author and appear as user groups
      2. On AEM author, create another set of user groups that map 1 to 1 to these product profile groups
      3. Assign the required path permissions to the user groups created AEM author (/content/xyz, /apps/xyz). For applying permissions on \apps, you will have to use repoinit scripts
      4. Now make product profile group a member of user group created on AEM

      When a new user is added to a specific product profile in Admin Console, by virtue of the above group relationship, the user will automatically inherit the permissions defined in the user group created on AEM

        Terms & ConditionsAccessibility statement

        Loading footer...