Restrict user access to /bin/querybuilder.json and /bin/security/authorizables.json on author | Community
Adobe Employee
April 25, 2024
Solved

I'd like to know if it's possible to restrict access for users to the following paths to prevent them being able to retrieve results of other users on AEM 6.5:

1. /bin/querybuilder.json
2. /bin/security/authorizables.json


Questions:

1. Is it possible to configure AEM to restrict access to these paths?
2. If access restriction is possible, could you please provide details on how to achieve this?
3. Will implementing access restrictions have any consequences on out-of-the-box AEM functionalities?


5 replies

EstebanBustamante
Community Advisor and Adobe Champion
April 25, 2024

Hi,

The easiest way would be to access the author instance through a dispatcher. This way, you could block those entries for all users at the dispatcher level, and the AEM functionality will remain intact.

Hope this helps

Esteban Bustamante
Ekhlaque
Adobe Employee
April 25, 2024

Hi @sssaadw

1. Is it possible to configure AEM to restrict access to these paths?

Yes, it is possible to configure AEM to restrict access to specific paths like /bin/querybuilder.json and /bin/security/authorizables.json. Access can be restricted using Dispatcher configurations or by setting appropriate permissions in AEM itself.

2. If access restriction is possible, could you please provide details on how to achieve this?

Access restriction can be achieved by configuring the Dispatcher filter rules or by configuring AEM user/group permissions:

Dispatcher Configuration: Using the Dispatcher, you can set up filter rules to deny access to the specified URLs. The Dispatcher works as AEM’s caching and/or load balancing tool, which can also be used to restrict access to certain paths by configuring the /filter section in the dispatcher.any file. For example, to deny access to the paths in question, you would add rules similar to the following:
/filter {
/0001 { /type "deny" /url "/bin/querybuilder.json*" }
/0002 { /type "deny" /url "/bin/security/authorizables.json*" }
}


3. Will implementing access restrictions have any consequences on out-of-the-box AEM functionalities?

Implementing access restrictions may have consequences depending on which users or groups are affected by the change. For example, restricting access to the /bin/querybuilder.json path might affect features or custom functionalities that rely on the Query Builder to retrieve information. Similarly, restricting access to /bin/security/authorizables.json might impact functionalities that rely on user/group information.

Jagadeesh_Prakash
Community Advisor
April 26, 2024

@sssaadw

To restrict user access to /bin/querybuilder.json and /bin/security/authorizables.json on the author instance in Adobe Experience Manager (AEM), you can use the Sling Servlet Resolver's whitelist and blacklist configurations.

Here's how you can do it:

  1. Open the AEM Web Console by navigating to http://<your-aem-instance>:<port>/system/console/configMgr

  2. Search for "Apache Sling Servlet/Script Resolver and Error Handler" and click on it to open the configuration.

  3. In the "Servlet Resolver Whitelist" field, ensure that /bin/querybuilder.json and /bin/security/authorizables.json are not listed. This field lists the paths that are allowed to be accessed.

  4. In the "Servlet Resolver Blacklist" field, add /bin/querybuilder.json and /bin/security/authorizables.json. This field lists the paths that are not allowed to be accessed.

Please note that this will restrict access to these paths for all users, including administrators. If you want to allow certain users to access these paths, you may need to implement a custom solution, such as a servlet filter that checks the user's permissions before allowing access to these paths.
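A servlet-filter approach of the kind mentioned above, as an added example that is not code from this thread or from AEM itself; the class name, the group id "reporting-users" and the assumption that the author instance's Sling Engine honours the sling.filter.pattern property are mine:

```java
import java.io.IOException;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.SlingHttpServletRequest;
import org.osgi.service.component.annotations.Component;

// Added example, not code from the thread: a Sling request filter that fails closed
// on the two endpoints unless the caller is admin or a member of an allow-listed group.
@Component(service = Filter.class, property = {
        "sling.filter.scope=REQUEST",
        // sling.filter.pattern restricts the filter to matching request paths (assumed available)
        "sling.filter.pattern=/bin/(querybuilder|security/authorizables)\\.json.*",
        "service.ranking:Integer=10000"
})
public class RestrictedEndpointFilter implements Filter {
    // Hypothetical group id; replace with the group that should keep access.
    private static final String ALLOWED_GROUP = "reporting-users";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request;
        // The resolver's user is the authenticated JCR user; anonymous adapts to null.
        User user = slingRequest.getResourceResolver().adaptTo(User.class);
        if (user == null || !(user.isAdmin() || isMember(user, ALLOWED_GROUP))) {
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // stop the chain so the servlet never runs
        }
        chain.doFilter(request, response);
    }

    private static boolean isMember(User user, String groupId) {
        try {
            Iterator<Group> groups = user.memberOf(); // direct and inherited groups
            while (groups.hasNext()) {
                if (groupId.equals(groups.next().getID())) {
                    return true;
                }
            }
        } catch (RepositoryException e) {
            return false; // fail closed on repository errors
        }
        return false;
    }

    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}
}
```

Because the filter only adds a 403 in front of the servlets, the endpoints' own ACL-based filtering of results is unchanged for users who are allowed through.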

joerghoh
Adobe Employee
Accepted solution
April 26, 2024

Why do you want to restrict access to it? Because both will only return data which the user has read access to, so it cannot be misused to get access of otherwise non-accessible content.

kautuk_sahni
Community Manager
May 16, 2024

@sssaadw Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found the solution yourself, please share it with the community.

Kautuk Sahni