Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

User permission restrictions on parent page, but not on child page

Avatar

Level 2

I'd like to restrict editing on the top page of our site, as well as a few key child pages, while at the same time allowing users to edit pages beneath these key pages.

For example:

example.com/homepage is our parent page that we want to restrict access to.

example.com/homepage/topic1 is a child page that anyone can edit as necessary.

 

Because of cascading permissions, if I deny access to /homepage, then I'm denying access to all child pages.

I can, of course, deny access to /homepage, and then manually allow access to all the child pages, but this seems like a nightmare to maintain. 

 

Do I have any options here? We recently had an issue where an author modified our landing page without checking in with the team that owns the landing page. I'm trying to figure out the best way to restrict access to the landing page, so other ideas are welcome. 

 

Thanks!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 8

You can create a new group called "super users" and assign permissions to access only the parent page, the people who are in that group can only edit the parent page.

 

 

View solution in original post

4 Replies

Avatar

Correct answer by
Level 8

You can create a new group called "super users" and assign permissions to access only the parent page, the people who are in that group can only edit the parent page.

 

 

Avatar

Level 2
I'm not sure this is the right answer. I want a group that can edit all of the pages, and a group that can edit all of the pages under that parent, but not the parent. Your solution would create a group that can only edit the parent. Am I missing something?

Avatar

Community Advisor

Instead of going for User permission and ACL why are you not using locking and unlocking of the page at template level or even page level?

This should work fine in your scenario.

 

Avatar

Employee Advisor

You can use rep:glob for this requirement.  See below for more details:

 

Screen Shot 2021-03-09 at 10.52.26 AM.png

 

Example: If you set rep:glob="" then it will only apply the permissions to the current node and not on the child nodes.

 

[1] https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html