unable to remove permission from admin group

Question

I have create a custom-admin group and that is inheriting all the properties from the OOTB Administrator group. But i dont want my group to have replicate permission, so im trying to remove them from my custom-group (after rinheriting from the OOTB group). but everytime i remove from/root, /apps, /content etc, and save and refresh, all the permissions are coming back again. what should i do?

joerghoh · Accepted Answer

Why does your custom-administrators group inherit from the default "administrators" group? It's much easier if you don't do that and model that group from scratch.

(And besides that: even if your case would work, every member of this group has the write-acl permission, so they can add the replicate privilege at will.)

Jörg

arunpatidar · Answer

Using deny can cause unexpected effects if the permissions are applied in a different order than the order expected. If a user is a member of more than one group, the Deny statements from one group may cancel the Allow statement from another group or vice versa. It is hard to keep an overview when this happens and can easily lead to unforeseen results, whereas Allow assignments do not cause such conflicts.

Adobe recommends that you work with Allow rather than Deny see Best Practices.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded