Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Setting permissions on content fragment variations

Avatar

Level 1
Level 1
2/25/19 10:06:31 AM

Is it possible to set alternate permissions on variations within content fragments?  In my workflow, the master needs to be a "read-only" version.  Authors should be able to create and edit variations, but they can't change the master. I don't see ACLs in useradmin for the variations, just the CF itself.  Is it possible to do this?

Thanks,

Brian

Views

672

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

View solution in original post

Views

591

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 10
Level 10
2/25/19 5:26:41 PM

I'm not sure if this would work but you may try to restrict the "write" permissions via /crx/de 'Access Control' tab

Remove the "jcr:write" and "rep:write" permissions on the path where your CFs are stored for "original" node for specific user/group.

E.g. say you've a Cf at '/content/dam/<we-retail>/<some_path>/myfragment'  then you'd add a new entry for a user/group (based on your requirements)

rep:glob as /content/dam/<we-retail>/<some_path>/myfragment/jcr:content/renditions/original  where you'd add all relevant permissions except the write permissions. You may add a REGEX for the same based on your requirements. This way you'd not have the write permissions on the original (master) version of CF but all other nodes including variations.

reference - https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html

Views

592

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
2/27/19 10:08:10 AM

Thanks for the suggestion, I will look into that.

Views

596

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Richtext data type not working in Content Fragment Model Solved

Views

104

Likes

0

Replies

1
Multifield Rollout in AEM 6.5.20.0 on-prem

Views

31

Likes

0

Replies

0
I have a component based on show-hide in AEM. can any one help on this

Views

79

Likes

0

Replies

5
Regarding User Roles and Permissions API of Adobe commerce

Views

44

Likes

0

Replies

0
Permissions for usersgroups for pages

Views

67

Likes

0

Replies

1