Expand my Community achievements bar.

SOLVED

User Admininstration

Avatar

Level 3

Hi,

Is there a way to provide access to a folder in AEM without providing access to its sub-folders.

Currently the way it works is if you provide permission to the parent folder, all children folders inherit the access automatically.

So you would need to deselect the checkbox from the child folders if you want to provide access to selective sub-folders.

For example, for our case there is a Vendor content folder under which there are around 200 company folders.

Now ideally a user should only be able to see his company folder alone. However in order to achieve that I would have to provide access to the Vendor folder and then deselect the access from 199 folders leaving aside the company folder the user belongs to. This is very painful and error prone as its humongous manual work.

Can anyone please help here?

Thanks, Souradeep

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi,

You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].

kind regards,
Jörg

[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs

View solution in original post

3 Replies

Avatar

Correct answer by
Employee Advisor

Hi,

You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].

kind regards,
Jörg

[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs

Avatar

Level 3

Hi Jorg,

Thanks for the update, however this is not working as expected. Sitting on the vendor(/content/dam/vendor) folder if I add a ACL doing deny with rep:glob as /*, ideally the vendor folder should still be visible and the child company folders should not. But here, the vendor folder itself is becoming inaccessible. I am using AEM 6 with SP2 with OAK 1.0.12.

Thanks, Souradeep

Avatar

Level 3

Hi Jorg, this is working fine if I explicitly set deny all for each of the company folders and then allow for the required users. This of course is saving time, however I thought I need not individually set deny all for each of the company folders and that could be achieved using deny all with rep:glob as /* sitting on the vendor folder.

Thanks, Souradeep