Hi Team
I need some help on setting restrictions on folder
Consider I have folder project1 under path /content/dam/organization and I want only group1 and group2 to access this folder others should not be able to view project1 folder.
I have tried setting permissions by going to /security/permissions.html but deny jcr:all to group1 and group2 and everyone however it is working reverse
like group1 and group2 not able to view /content/dam/organization/project1 folder others able to view.
Please correct me and my requirement is that /content/dam/organization/project1 should be viewed by only group1 and group2 users.
Thanks in advance.
Solved! Go to Solution.
Views
Replies
Total Likes
@Prashardan , whenever a new user is created he/she must be part of everyone group. Please make sure that the pemission for everyone is present as
"deny jcr:all /content/dam/organization/project1".
@Prashardan , you need to add
deny jcr:all to everyone
allow jcr:all to group1
allow jcr:all to group2
This will make users from group1 and group2 to access the project1 folder and denied for others.
Hi @sravs
Thanks for your reply. I have added this but when a new user is created and that new user is able to view project1 folder which is incorrect.
I have added permissions from /security/groups.html and also went to folder >> properties >> permissions >> closed user group >> added group1 and group2.
Still it is not working as expected that is every new user able to view this folder
My requirement is only group1 and group2 should be able to view and access project1.
@Prashardan , whenever a new user is created he/she must be part of everyone group. Please make sure that the pemission for everyone is present as
"deny jcr:all /content/dam/organization/project1".
HI @sravs
I have added the below permissions from /security/permissions.html however still the required permissions are not coming.
group1 -- "allow jcr:all /content/dam/organization/project1"
group2 -- "allow jcr:all /content/dam/organization/project1"
everyone -- "deny jcr:all /content/dam/organization/project1".
Please help
The jcr:read permission alone is enough for view privileges.
Setting everyone to deny, with group1 and group2 set to allow for jcr:read on path /content/dam/organization/project1 should have worked!
Is it possible you have multiple permissions acting on "everyone" group?
Can you share the permissions for the "everyone" group if there are multiple ACE defined for /content/dam path?
Hi @Prashardan ,
To set up folder-level restrictions in AEM so that only specific groups (group1 and group2) can access a folder while preventing access for all other users, you need to correctly configure the permissions. Here are the steps to ensure that only the desired groups have access:
Navigate to the Folder:
Set Deny Permissions for Everyone Else:
Allow Permissions for Specific Groups:
Check Effective Permissions:
Deny Permissions for Everyone Else:
Allow Permissions for group1 and group2:
Reverse Permissions Issue: If you are experiencing issues where permissions seem to be applied in reverse, double-check the order and precedence of permissions. In AEM, deny permissions typically take precedence over allow permissions, so setting global deny permissions can inadvertently block access for all users, including those explicitly allowed.
Verify Effective Permissions: Use the Permissions UI in AEM to verify the effective permissions for the specific groups and users. This UI helps you to see exactly what permissions are applied and can help diagnose issues.
Inheritance of Permissions: Make sure that permissions are not being inherited from parent folders that might contradict your settings. Explicitly setting permissions on the project1 folder should override inherited permissions, but it's good to verify.
Denying Everyone:
Allowing Specific Groups:
By carefully setting these permissions, you ensure that only members of group1 and group2 can access the project1 folder while all other users, including those in the Everyone group, are denied access.
Following these steps should give you the desired restriction setup on the project1 folder in AEM.
@Prashardan Did you find the suggestions from users helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
Views
Replies
Total Likes