Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Tenant Specific Permissions in Experience Fragments and Templates

Avatar

Level 2
Level 2
6/10/20 7:28:46 AM

I have set up permissions for tenant specific users as follows:

Path = / with restrictions = */tenant

 

This structure has worked to provide tenant specific access in sites and assets, however, this format does not restrict the experience fragments and templates to the same tenant specificity. To troubleshoot, I've attempted to deny jcr:read to path = / with restrictions = */content/experience-fragments/* which does not work either.

I believe the URL for experience fragments including "/aem" is the problem:

Sites --> https://<url>/sites.html/content

Assets --> https://<url>/assets.html/content/dam

Experience Fragments --> https://<url>/aem/experience-fragments.html/content/experience-fragments

 

I'm also seeing the same inability for tenant restrictions in templates, but I need to do some more troubleshooting there since it's under /conf instead of /content.

 

Has anyone else attempted permissions in a multi tenant environment where each tenant only has access to their specific information?

 

Views

1.9K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
6/10/20 11:33:18 AM

Hi,

Yes, we have set up the tenant specific permission for site, assets, templates and experience fragment.

do not deny permission, just allowed only for the tenant.

 

 

path: /content/experience-fragments/aem63app
permission: allow
actions: actions (optional, comma separated)

 



Arun Patidar

View solution in original post

Views

1.8K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
6/10/20 11:33:18 AM

Hi,

Yes, we have set up the tenant specific permission for site, assets, templates and experience fragment.

do not deny permission, just allowed only for the tenant.

 

 

path: /content/experience-fragments/aem63app
permission: allow
actions: actions (optional, comma separated)

 



Arun Patidar

Views

1.8K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
6/11/20 7:54:48 AM
In response to arunpatidar

The permissions I have defined are only for allows, however, I attempted the deny to see if I can restrict the permissions effectively at experience fragments which did not work.

 

I have the following:

Path: /

Permission: allow

Restrictions: rep:glob="*/tenant*

 

for sites and assets, this permissions grants me specific access to only that one tenant. For experience fragments, I am not seeing the experience fragments that relate specifically to the tenant I've defined.

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
6/11/20 8:21:46 AM
In response to arunpatidar
I located the problem. The everyone group granted /content/experience-fragments for jcr:read with no restrictions so it gave read only access to everything. I added rep:glob="" and now my permissions are tenant specific.

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
RTE full options not appearing in minimized view AEM 6.5 cloud Solved

Views

166

Likes

0

Replies

4
How to migrate JTW to OAuth2 and use it in the Jenkins pipeline?

Views

65

Likes

0

Replies

3
I have a component based on show-hide in AEM. can any one help on this

Views

42

Likes

0

Replies

1
Regarding User Roles and Permissions API of Adobe commerce

Views

43

Likes

0

Replies

0
Redirection Not working specific pages in Dispatcher server

Views

89

Likes

0

Replies

1