You have SSO setup in your environment that you can get to crx/de and
package manager? My issue is that we can't have users in the system that
circumvent SAML or CASB. Since CASB is not working, SAML or even SSO are
the best practices options we have.
I located the problem. The everyone group granted
/content/experience-fragments for jcr:read with no restrictions so it
gave read only access to everything. I added rep:glob="" and now my
permissions are tenant specific.
The permissions I have defined are only for allows, however, I attempted
the deny to see if I can restrict the permissions effectively at
experience fragments which did not work. I have the following:Path:
/Permission: allowRestrictions: rep:glob="*/tenant* for sites and
assets, this permissions grants me specific access to only that one
tenant. For experience fragments, I am not seeing the experience
fragments that relate specifically to the tenant I've defined.
I have set up permissions for tenant specific users as follows:Path = /
with restrictions = */tenant This structure has worked to provide tenant
specific access in sites and assets, however, this format does not
restrict the experience fragments and templates to the same tenant
specificity. To troubleshoot, I've attempted to deny jcr:read to path =
/ with restrictions = */content/experience-fragments/* which does not
work either.I believe the URL for experience fragments including "/aem"
is the ...
I have been working with our CSE for a couple weeks trying to get two
SAML authentications set up. Our platform admins will need to be able to
access CRX and package manager through a SAML authentication. Currently,
our primary SAML authentication is being blocked at the load balance so
CRX and package manager are not accessible. We are attempting to set up
a second SAML authentication that will redirect our platform admin users
to a separate URL provided by our CSE. We have had a few issues wit...
The platform admin role for my company has gone through an internal
audit. I have the platform admin group as a child to the out of the box
admin group which grants (what appears to be) a blank check for
permissions to the system. The item that has come out of the audit is
that the users in the platform admin group are able to create and
publish content which bypasses the workflow process. What I'm hoping to
accomplish is to remove the ability to create content. I cannot seem to
find a way to re...
We are having an issue with uploading and installing a package in Google
Chrome. When looking at the page source, there are references to flash
which is due to go away by end of year. Can anyone confirm if CRX (AEM
6.5) does in fact use CRX? If so, has there been any communication from
Adobe on a replacement for it? I can't seem to find anything on line
tying CRX to flash.