Question

How can I hide some of the CMS consoles / tabs (like the Site Admin, DAM Admin, Tools, Security, Workflow and Tagging) via permissions?

Resolution

Set the READ permission for users/groups on the corresponding console node (nodetype cq:Console).

As of CQ 5.3, the node paths are:

Console Path
Site Admin/libs/wcm/core/content/siteadmin
DAM Admin/libs/wcm/core/content/damadmin
Tools/libs/wcm/core/content/misc
Security/libs/cq/security/content/admin
Workflow/libs/cq/workflow/content/console
Tagging/libs/cq/tagging/content/tagadmin

You can do this via the CRX Content Explorer

  1. Log into http://<host>:<port>/crx as admin (via your web browser)
  2. Open Content Explorer
  3. In the left panel, browse to and select the node for the console you want to hide (see table of paths above)
  4. On the top right of the "CRX Explorer" window, open Security >> -> Access Control Editor
  5. Enable the checkbox for ACL and click Set Selected Policies
  6. Click New ACE
  7. Select the group you want to block the Tools icon for and set jcr:read deny
  8. Click the green check mark to confirm
  9. On the bottom right of the dialog box click Ok or Apply

Warning: These paths are different in older CQ5 versions and can possibly change in future CQ5 versions. Just check the URLs of the consoles to get the correct node paths.

Warning: In CQ 5.3, you don't see those nodes in the Security "page permissions" user interface. As a workaround, use the CRX Content Explorer to set those permissions.

Applies to

CQ5.3

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy