Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

User Permission ACL

Avatar

Level 3

Hi team,

 

Under apps folder, we have many folders like clientslibs,core,settings and many other default folders.

We have created a custom folder called "Custom" under apps.

arvindpandey_0-1722440989722.png

 

 

There is a user who should have READ permission only on Custom Folder and NOT for  any other folders under /apps.

 

I know using useradmin, I can uncheck all other check boxes and tick only Custom folder.

 

But is there any other smart way to do it using ACE/Access Control List /Permission tabs?

 

 

1 Accepted Solution

Avatar

Correct answer by
Level 3

Hi @kautuk_sahni , 

 

Correct solution I discovered as below:

arvindpandey_0-1724239752438.png

 

 

arvindpandey_1-1724239787269.png

 

 

 

View solution in original post

5 Replies

Avatar

Level 5

Hi @arvindpandey ,

 

You can add it on the permissions dashboard via UI, I would suggest deny everything for the parent path and then selectively allow the paths which you want the user to have permission to.

deny - jcr:all /apps & then jcr:read for /app/custom

anupampat_0-1722441273965.png

 

Or you can Use Netcentric tool to keep the permissions via code i.e. yaml files. Check https://medium.com/@saumyajain3007/configuring-netcentric-ac-tool-in-aemaacs-e13f5590e497 for more info

Avatar

Level 3

Hi @anupampat 

 

Thanks for your kind reply. Using what you suggested, /apps node is not checked. I can write ACE for each and every child folders as deny and allow only for Custom BUT is there any better way like  using regular expression etc. 

Our goal is to achieve as below:

arvindpandey_0-1722444828616.png

 

Avatar

Level 1

Hi @arvindpandey ,

 

While adding the ACE to the user or group you can see the restrictions section, where you can add the read permissions for the particular folder itself and no need to add ACE for all the other nodes. 

Select rep:glob and add restriction value as "/custom*"

1000284597.png

 

Select rep:glob and add restriction value as "/custom*".

 

For more such usage refer to the URL below. 

https://techrevel.blog/2024/03/04/aem-user-permissions-tips-for-effortless-control/

Avatar

Administrator

@arvindpandey Did you find the suggestions from users helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni

Avatar

Correct answer by
Level 3

Hi @kautuk_sahni , 

 

Correct solution I discovered as below:

arvindpandey_0-1724239752438.png

 

 

arvindpandey_1-1724239787269.png