Our developer was able to do this locally on their instance of AEMaaCS but confirmed it did not work for them in our actual Stage environment so perhaps that is a limitation of AEMaaCS?   Here are my groups in Stage, just the defaults plus the out of the box "administrators" group:

From your answer it looks like this needs to be done by one of our developers and cannot be done by the User Admin using the ACL controls in Tools > Security > Permissions?

Working in AEMaaCS and have a need to hide items from below the Tools menu. Essentially we only want General and Assets to be visible to our users.  What are the paths we need to set to deny jcr:read for these items? I have found an answer for hiding "Sites" on the on-prem version of AEM 6.5 but am...

I have tried to do this and am not able to do so.  I am logged in with my account that is a member of the out of the box Administrators group, and attempted to add the deny read via an ACE and received the following error: Any idea why the Administrator would receive this error message? I can succe...

Thank you for the reply, that's a lot of good info! I think I will need to reach out to the CSE support as I am still getting the same error as before.  

Thanks for the response!   I am logged into the product environment as myself, a member of administrators group.   Here's what I have in Admin Console: And in the AEMaaCS environment I'm in the OOTB administrators group: When I tried to add the /libs/cq/core/content/nav/sites path, it doesn't show...

Working in AEMaaCS and need to hide the Projects, Sites and Experience Fragments options on the AEM Start page (aem/start.html) shown below: In the non-cloud AEM experience you can hide these types of things easily through ACLs by creating a deny for the paths  /libs/wcm/core/content/sites and /lib...

I have set the following permissions in a user group where I want them to be able to have all access to the DAM except for the training documentation folder where they should only have read.   I thought this would be simple but it doesn't seem to be working as the user in this group can edit an asse...

I am new to user admin and am creating groups and impersonating users to test the permissions. Is there a way to see a list of who I can impersonate? I'm thinking of future instances where a user might want to know who has granted them permission to impersonate. They can only see who they have gran...

Is there a way to hide the Insights tab for Authors within the asset properties view?