SOLVED

User groups and permissions

Level 3

Hi,

If a user is part of multiple groups (e.g. authors, approvers, admin) and these groups have overlapping permissions in the sense that approvers can have all authors' permissions as well as some additional permissions, will that user have the maximum or minimum of these different permission sets?

Is there any documentation around this?

We're on AEM 6.1

Thanks,

Abhishek

1 Accepted Solution

Correct answer by
Employee Advisor

Hi,

Please follow the best practices documented at [1]. If you follow these best practices and if you mean positive ACLs (allow read/write/...), then it's the combination of both groups.

Jörg

[1] https://docs.adobe.com/docs/en/aem/6-1/administer/security/user-group-ac-admin.html#Best%20Practices

4 Replies

Level 3

The doc states that user principal permissions take precedence over group, which makes sense. It is not quite clear over the permissions between two groups, i.e., which group will take precedence: the group with more permissions or less.

Appreciate your response.

Level 10

One of the quick ways to check is in /crx/de.

Select any folder, click on 'Test Access Control' in Tools.

Look at the order in which ACLs are listed and it would follow the same order.