Hi,
Is there a way to provide access to a folder in AEM without providing access to its sub-folders.
Currently the way it works is if you provide permission to the parent folder, all children folders inherit the access automatically.
So you would need to deselect the checkbox from the child folders if you want to provide access to selective sub-folders.
For example, for our case there is a Vendor content folder under which there are around 200 company folders.
Now ideally a user should only be able to see his company folder alone. However in order to achieve that I would have to provide access to the Vendor folder and then deselect the access from 199 folders leaving aside the company folder the user belongs to. This is very painful and error prone as its humongous manual work.
Can anyone please help here?
Thanks, Souradeep
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].
kind regards,
Jörg
[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs
Views
Replies
Total Likes
Hi,
You can create a wildcard-ACL and disallow access to all company folders. Then you can place an explicit "allow read" on the company folder for a user, which should be able to see this company. But you no longer need to maintain the "deny" list. See [1].
kind regards,
Jörg
[1] http://wiki.apache.org/jackrabbit/AccessControl#Principal-based_ACLs
Views
Replies
Total Likes
Hi Jorg,
Thanks for the update, however this is not working as expected. Sitting on the vendor(/content/dam/vendor) folder if I add a ACL doing deny with rep:glob as /*, ideally the vendor folder should still be visible and the child company folders should not. But here, the vendor folder itself is becoming inaccessible. I am using AEM 6 with SP2 with OAK 1.0.12.
Thanks, Souradeep
Views
Replies
Total Likes
Hi Jorg, this is working fine if I explicitly set deny all for each of the company folders and then allow for the required users. This of course is saving time, however I thought I need not individually set deny all for each of the company folders and that could be achieved using deny all with rep:glob as /* sitting on the vendor folder.
Thanks, Souradeep
Views
Replies
Total Likes
Views
Likes
Replies