What permissions does someone need to Move content? | Community
Skip to main content
M
maflint
Level 2
February 14, 2019

What permissions does someone need to Move content?

  • February 14, 2019
  • 2 replies
  • 3104 views

Hi,

We recently upgraded from AEM v6.2 to v6.4. Under v6.2 (and earlier) we had a delegated administration model, where people who were not in the out-of-the-box "administrators" group could work within their folder structures independently. Meaning they could move pieces of content from one folder to another without any "administrator" assistance. Now that we are on v6.4, people who are not in the "administrators" group are automatically triggering "Request to complete Move operation" workflows. Those workflows sit until an administrator like myself happens to notice it and then approve the move.

I have been Googling for an answer but not finding anything. What permissions does someone need to Move content? Do we need to add them to some group so it does not trigger the workflow? Or should we just modify what I assume is the out-of-the-box workflow "Request to complete Move operation" to replace its steps with a no-operation step? Something else?

Any suggestions would be appreciated.

Mark

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

    2 replies

    Gaurav-Behl
    Gaurav-Behl
    Level 10
    February 17, 2019

    Move operation involves create/modify/delete ACLs. You may use /useradmin console to apply the same permissions for either user/group for specific paths including /libs for '/libs/granite/omnisearch/content/metadata/site/actions'.

    If you want to be very restrictive in granting ACLs then you may have to use /crx/de to apply specific ACLs on specific paths.

    Could you check if there is a workflow launcher configured for the "Request to complete Move operation"? Modifying launcher would be better than the workflow model itself.

    M
    maflintAuthor
    Level 2
    February 18, 2019

    I am a little confused I think. Currently the delegated administrators in question have Read, Modify, Create, Delete and Replicate, leaving Read ACL and Edit ACL unchecked. This had been done since we started with AEM 5.2, but exactly why our architect at the time did it that way is unclear. Are you saying that under AEM 6.4 we would have to allow them Read ACL and Edit ACL too?

    In the past our "administrators" group people would set the ACLs for the folder structures for the delegated administrators, who would control parts of the folder structures, and then the delegated administrators would work within them without issue. Wouldn't giving them ability to Edit ACLs allow them to do whatever they wanted to the security?

    Please clarify. Thank you.

    VeenaVikraman
    Community Advisor
    VeenaVikramanCommunity Advisor
    Community Advisor
    February 17, 2019

    Hi Mark

        I have been faced with a similar issue long back , as my business wanted a group , where the content authors should have permission to COPY, MOVE but NOT DELETE. Unfortunately , moving a content needs delete permission also in AEM. Since moving means you should delete the node and then add the node to new location, a delete permission for the user is needed to complete this action.

    Thanks

    Veena

    arunpatidar
    Community Advisor
    arunpatidarCommunity Advisor
    Community Advisor
    February 18, 2019

    This is interesting, but you could have handle this by hiding delete button from menu based on user group.

    I know this is not possible through CRXDE.

    Arun Patidar
    VeenaVikraman
    Community Advisor
    VeenaVikramanCommunity Advisor
    Community Advisor
    February 20, 2019

    We didn't wanted to add much customization to the console itself. But I can give it a try for learning purpose

    Terms & ConditionsAccessibility statement

    Loading footer...