SOLVED

Which has higher precedence, ACL or Closed Group?


Level 7

Let's say I have MyFolder in Assets.

I have set the ACL for 10 users to jcr:read.

Out of the 10, I have set only 4 users as a closed user/group.

Then, in effect, how many users will be able to access MyFolder?


13 Replies


Community Advisor

Hi,

 

I think all 10 users should have access to the folder as all of them are given read access. 


Employee

Please check the ACL resolution for specific groups. That will give you an idea about the permission being set on the specific resources.

Go to Tools -> Security -> Permissions and select the user for which you want to check the permissions.


Level 3

Hello - All 10 users should have read access to the "Assets" folder.


Community Advisor

Only 4 users should have access, as the CUG will allow jcr:read access to only those users/groups which are added at the folder level. For the other 6 users, even if you give read access it will be non-effective and that folder won't be accessible to them.

Refer to this screenshot from:

https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups....


I have validated a similar use case using 2 groups (A and B), while only group A was added to the CUG. Both groups had full access to the content in terms of permissions, but the folder is accessible only for group A.


Level 7

Hi @Sachin_Arora_, thank you.

"I have validated a similar use case using 2 groups (A and B), while only group A was added to the CUG. Both groups had full access to the content in terms of permissions, but the folder is accessible only for group A."

How did you check this? Using the JSON response?


Correct answer by
Community Advisor

I validated directly on the publisher after logging in as 2 different users: User A from Group A and User B from Group B. I tested on the we-retail assets folder, and it was visible in CRXDE only for User A.


Level 7

@Sachin_Arora_

Also, let's say we have given 10 users the jcr:read ACL on that folder, and none of us is added to the CUG. Then, in effect, will those 10 users be able to read the folder?


Community Advisor

If the CUG does not have anything, then yes, the 10 users will be able to see it. If the CUG has some group/user other than the 10 users, then no.


Level 7

Sorry @Sachin_Arora_, but one last scenario.

I have set deny jcr:read on MyFolder for user1.

If the same user1 is present in the CUG, will it be able to get MyFolder?


Community Advisor

I don't think the user will be able to see the folder in this case. I would suggest setting up your local instance and validating once.
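
The three scenarios discussed in this thread, as an added example that is not part of the original posts and is not AEM or Oak code. It is a simplified model that assumes read access needs both an ACL grant and, when the folder has a CUG, membership in it; the group names, user names and helper functions are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Folder:
    aces: list = field(default_factory=list)  # ordered (principal, allow) entries for jcr:read
    cug: set = field(default_factory=set)     # CUG principals; empty set = no CUG on the folder

def principals_of(user, groups):
    """The user's own principal plus every group that lists the user."""
    return {user} | {g for g, members in groups.items() if user in members}

def acl_allows_read(folder, user, groups):
    """Assumed rule: last matching entry wins, and an entry on the user outranks group entries."""
    user_hit = group_hit = None
    mine = principals_of(user, groups)
    for principal, allow in folder.aces:
        if principal == user:
            user_hit = allow
        elif principal in mine:
            group_hit = allow
    if user_hit is not None:
        return user_hit
    return bool(group_hit)

def cug_allows_read(folder, user, groups):
    """No CUG principals means no restriction; otherwise membership is required."""
    return not folder.cug or bool(principals_of(user, groups) & folder.cug)

def can_read(folder, user, groups):
    # Both checks must pass: in this model a CUG never adds access the ACL does not grant.
    return acl_allows_read(folder, user, groups) and cug_allows_read(folder, user, groups)

def readers(folder, users, groups):
    return [u for u in users if can_read(folder, u, groups)]

# Constructed sample data mirroring the thread: 10 users with jcr:read, 4 of them in the CUG.
USERS = [f"user{i}" for i in range(1, 11)]
GROUPS = {"readers": set(USERS), "cug-members": set(USERS[:4])}
ACL = [("readers", True)]

if __name__ == "__main__":
    print(readers(Folder(ACL, {"cug-members"}), USERS, GROUPS))  # CUG with 4 of the 10 users
    print(readers(Folder(ACL), USERS, GROUPS))                   # no CUG configured
    # deny jcr:read for user1, who is also a CUG member
    print(readers(Folder(ACL + [("user1", False)], {"cug-members"}), USERS, GROUPS))
```

As suggested in the thread, confirm the result on a local instance by logging in as each user, since the model leaves out inheritance and nested CUGs.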