Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

User Admininstration

Avatar

Level 3
Level 3
10/15/15 7:28:38 PM

Hi,

Is there a way to provide access to a folder in AEM without providing access to its sub-folders.

Currently the way it works is if you provide permission to the parent folder, all children folders inherit the access automatically.

So you would need to deselect the checkbox from the child folders if you want to provide access to selective sub-folders.

For example, for our case there is a Vendor content folder under which there are around 200 company folders.

Now ideally a user should only be able to see his company folder alone. However in order to achieve that I would have to provide access to the Vendor folder and then deselect the access from 199 folders leaving aside the company folder the user belongs to. This is very painful and error prone as its humongous manual work.

Can anyone please help here?

Thanks, Souradeep

Views

1.5K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:28:38 PM

Hi,

You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].

kind regards,
Jörg

[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs

View solution in original post

Views

817

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:28:38 PM

Hi,

You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].

kind regards,
Jörg

[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs

Views

818

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
10/15/15 7:28:38 PM

Hi Jorg,

Thanks for the update, however this is not working as expected. Sitting on the vendor(/content/dam/vendor) folder if I add a ACL doing deny with rep:glob as /*, ideally the vendor folder should still be visible and the child company folders should not. But here, the vendor folder itself is becoming inaccessible. I am using AEM 6 with SP2 with OAK 1.0.12.

Thanks, Souradeep

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
10/15/15 7:28:38 PM

Hi Jorg, this is working fine if I explicitly set deny all for each of the company folders and then allow for the required users. This of course is saving time, however I thought I need not individually set deny all for each of the company folders and that could be achieved using deny all with rep:glob as /* sitting on the vendor folder.

Thanks, Souradeep

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Cloud, impersonate user Solved

Views

313

Likes

0

Replies

7
AEM Users: Which Third-Party Tool Do You Prefer - Veracode, Snyk, or Others ? Solved

Views

151

Likes

0

Replies

4
Access rights for folders based on users Solved

Views

128

Likes

0

Replies

1
Check if user has replicate rights through java code Solved

Views

262

Likes

0

Replies

3
AEM Workflow to return multiple groups and users in a Participant Step Chooser Solved

Views

375

Likes

0

Replies

7