Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Setting permissions on content fragment variations

Avatar

Level 1
Level 1
2/25/19 10:06:31 AM

Is it possible to set alternate permissions on variations within content fragments?  In my workflow, the master needs to be a "read-only" version.  Authors should be able to create and edit variations, but they can't change the master. I don't see ACLs in useradmin for the variations, just the CF itself.  Is it possible to do this?

Thanks,

Brian

Views

876

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

View solution in original post

Views

795

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

Views

796

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
2/27/19 10:08:10 AM

Thanks for the suggestion, I will look into that.

Views

800

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEMaaCS - How to remove default Cache-Control on HTML responses? Solved

Views

511

Likes

0

Replies

4
Experience Fragment issue on cloud

Views

26

Likes

0

Replies

0
Without using CRXDE Lite, and just the AEM Authoring interface, can you move multiple (100+) pages from one node to another?

Views

22

Likes

0

Replies

1
Page Creation on Author Instance from Publish-Based Form Submission

Views

76

Likes

0

Replies

3
How to Expose a Custom Resolver Field in Content Fragments for AEM GraphQL queries Without Editing the Fragment Model

Views

1.9K

Likes

0

Replies

3