How to assign permissions on workflow-models

Question

In some cases it might be useful to restrict access and thus visibility of select workflow-models to users/groups. How is it possible to assign effective permissions on workflow-models which are not visible in the CQ5 Security Admin?

Answer, Resolution

In order to set ACLs on workflow-models, the CRX Content Explorer has to be used. The following steps exemplify how to deny READ access to the Publish Example workflow-model.

Please note: depending on the actual CQ version, the procedure differs slightly.

CQ5.1, CQ5.2.x

  • logged in as admin, open the crx.default workspace with the CRX Content Explorer
  • navigate to the Publish Example workflow-model /etc/workflow/models/publish_example
  • make sure the node is selected in the tree on the left
  • in the upper toolbar, click on the Versions button and select Checkout
  • the workflow-model is now editable
  • next click on the Security button and select ACL Editor
  • create a New Permission, select a group and deny READ (leave the rest untouched)
  • click Apply and close the window
  • now checkin the workflow-model via Versions -> Checkin

At this point, all members of the above group will neither see the Publish Example workflow-model in the sidekick nor in the workflow-console.

CQ5.3

  • logged in as admin, open the crx.default workspace with the CRX Content Explorer and checkout the workflow-model node (same as above)
  • next click on the Security button and select Access Control Editor
  • in the Applicable Access Control Policies section, mark the checkbox next to org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate
  • click on Set selected policies
  • next click on New ACE
  • browse the Principal (user/group) for which a privilege is to be set
  • DENY jcr:read and confirm
  • click Apply and close the window
  • now checkin the workflow-model via Versions -> Checkin

Applies to

CQ5.1, CQ5.2.x, CQ5.3

 Adobe

Saage abi kiiremini ja hõlpsamalt

Uus kasutaja?