Restrict editing selective metadata


Level 2

Hi, 
I'm using repoinit scripts for user group permissions and trying to restrict a group of authors so that they cannot edit certain properties of an asset.
Example:

dc:title ---- can edit
dc:description --- can edit
dc:language --- Should not edit

Code I am using to deny the user from editing this property:

deny jcr:modifyProperties on /content/dam restriction(rep:glob,/global/crucial/*/jcr:content/metadata/dam:status)
6 Replies


Community Advisor

@Sandeep_Danny95 - I believe you have shared a partial script here.
Can you try this way please -

set ACL on /content/dam
    # other statements...
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end

Reference: https://sling.apache.org/documentation/bundles/repository-initialization.html#repoinit-parser-test-s...
You should check your logs when deploying your changes. If there are any errors due to syntax etc., they are logged in the error log.

thanks.


Level 2

Hi @Kamal_Kishor , 
this is how I'm using the script

set ACL for test-author
allow jcr:all on /content/dam restriction(rep:glob,/test)
deny jcr:modifyProperties on /content/dam restriction(rep:glob,/test/*/jcr:content/metadata/dam:status)
end


Test is the name of the folder in which the assets are present
and I'm using " * " to cover all the asset names as paths here " rep:glob,/test/*/ "


Community Advisor

@Sandeep_Danny95 - I have executed this on my local AEM 6.5 (SP23) instance and it works fine.

'user-kamal-kishor' is a user in the 'Authors' and 'Contributors' groups.

set ACL for user-kamal-kishor
	allow jcr:all on /content/dam restriction(rep:glob,/test)
	deny jcr:modifyProperties on /content/dam restriction(rep:glob,/test/*/jcr:content/metadata/dam:status)
end

When you are deploying this to your instance, can you check if there are any errors while building or deploying?

thanks.


Community Advisor

@Sandeep_Danny95 - You can also validate if these ACLs are being applied for your user.

In CRXDE Lite - http://localhost:4502/crx/de/index.jsp

Go to this path (assuming default workspace) - /jcr:system/rep:permissionStore/crx.default


Level 2

Hi @Kamal_Kishor , 

Can you try uploading a new asset and editing the description in the properties?
Upload the asset using "Admin" and edit the properties with this test user whom you are giving these permissions.
I have checked in my local with the same permissions, and the above-mentioned case is not working as expected.

I'm on AEM Cloud, idk if that was of any use. 


Community Advisor

@Sandeep_Danny95 - I don't think it should be an issue with AEMaaCS or 6.5.

I have uploaded a new asset with the "Admin" user. Then I log in as my test user.
For this user, it has all rights but deny for 'dc:title' and 'dam:status' only.

Therefore, I am able to edit the description with this. If I try to update 'title' or 'status' fields, I get the error.


Can you also check that, for your user, rep:accessControlledPath and rep:glob are correct?



thanks.
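
The two restriction styles used in this thread, as an added example that is not part of any poster's message: a simplified Python model of how a wildcard rep:glob (the pattern is appended to the ACL path and `*` matches any characters, `/` included) and rep:itemNames select items, run over constructed asset paths. The asset names and helper functions are assumptions for illustration, and only globs that contain a wildcard are modelled.

```python
import re

def glob_matches(acl_path, glob, item_path):
    """rep:glob with a wildcard: the pattern is acl_path + glob and each
    '*' matches any run of characters, '/' included (whole-path match)."""
    if "*" not in glob:
        raise ValueError("this sketch models wildcard patterns only")
    parts = (acl_path + glob).split("*")
    regex = ".*".join(re.escape(p) for p in parts)
    return re.fullmatch(regex, item_path) is not None

def item_name_matches(acl_path, names, item_path):
    """rep:itemNames: applies to items under acl_path whose own name is listed."""
    in_tree = item_path == acl_path or item_path.startswith(acl_path + "/")
    return in_tree and item_path.rsplit("/", 1)[-1] in names

# Constructed sample: metadata properties of two assets under /content/dam/test.
ACL_PATH = "/content/dam"
ASSETS = ["/content/dam/test/a.jpg", "/content/dam/test/sub/b.jpg"]
PROPS = ["dc:title", "dc:description", "dc:language", "dam:status"]
THREAD_GLOB = "/test/*/jcr:content/metadata/dam:status"  # glob from the thread

def denied_props(matcher):
    """Return the sorted property names a deny entry with this matcher covers."""
    hit = set()
    for asset in ASSETS:
        for prop in PROPS:
            path = f"{asset}/jcr:content/metadata/{prop}"
            if matcher(path):
                hit.add(prop)
    return sorted(hit)

def by_glob(glob):
    return denied_props(lambda p: glob_matches(ACL_PATH, glob, p))

def by_item_names(*names):
    return denied_props(lambda p: item_name_matches(ACL_PATH, set(names), p))

if __name__ == "__main__":
    print("thread glob      :", by_glob(THREAD_GLOB))
    print("glob, dc:language:", by_glob("/test/*/jcr:content/metadata/dc:language"))
    print("rep:itemNames    :", by_item_names("dc:language"))
```

In this model the glob from the thread covers only dam:status, so a deny for dc:language needs its own pattern or a rep:itemNames entry. rep:itemNames matches by name anywhere below the ACL path, not only under /test.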