Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

User permission restrictions on parent page, but not on child page

SiriusRex
Level 2
Level 2

I'd like to restrict editing on the top page of our site, as well as a few key child pages, while at the same time allowing users to edit pages beneath these key pages.

For example:

example.com/homepage is our parent page that we want to restrict access to.

example.com/homepage/topic1 is a child page that anyone can edit as necessary.

 

Because of cascading permissions, if I deny access to /homepage, then I'm denying access to all child pages.

I can, of course, deny access to /homepage, and then manually allow access to all the child pages, but this seems like a nightmare to maintain. 

 

Do I have any options here? We recently had an issue where an author modified our landing page without checking in with the team that owns the landing page. I'm trying to figure out the best way to restrict access to the landing page, so other ideas are welcome. 

 

Thanks!

Experience Manager Permissions
1 Accepted Solution
raj_mandalapu
Correct answer by
Community Advisor
Community Advisor

You can create a new group called "super users" and assign permissions to access only the parent page, the people who are in that group can only edit the parent page.

 

 

View solution in original post

4 Replies
raj_mandalapu
Correct answer by
Community Advisor
Community Advisor

You can create a new group called "super users" and assign permissions to access only the parent page, the people who are in that group can only edit the parent page.

 

 

View solution in original post

SiriusRex
Level 2
Level 2
I'm not sure this is the right answer. I want a group that can edit all of the pages, and a group that can edit all of the pages under that parent, but not the parent. Your solution would create a group that can only edit the parent. Am I missing something?
Umesh_Thakur
Community Advisor
Community Advisor

Instead of going for User permission and ACL why are you not using locking and unlocking of the page at template level or even page level?

This should work fine in your scenario.

 

jbrar
Employee
Employee

You can use rep:glob for this requirement.  See below for more details:

 

Screen Shot 2021-03-09 at 10.52.26 AM.png

 

Example: If you set rep:glob="" then it will only apply the permissions to the current node and not on the child nodes.

 

[1] https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html