Problem

How is it possible to disable Site Admin actions for particular groups, e.g. Activate?

Resolution

Following the concept 'Everything is content', Site Admin actions as such are also pure nodes in the repository which are thus subject of access control.

In order to disable and completely hide a certain action in the Site Admin console for a particular group, a corresponding group ACL has to be defined that denies read access to this action.

Following example will deal with the Activate action.

In order to set the actual ACL on above action node, the CRX Content Explorer has to be used. Following are the steps how to disable the Activate action for a group:

  • logged in as admin, open the crx.default workspace with the CRX Content Explorer and navigate to /libs/wcm/core/content/siteadmin/actions/activate
  • next click on the Security button and select Access Control Editor
  • in the Applicable Access Control Policies section, mark the checkbox next to org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate
  • click on Set selected policies
  • next click on New ACE
  • browse the Principal for the group for which a privilege is to be set
  • DENY jcr:read and confirm
  • click Apply and close the window

At this point, members of the above specified group won't have access to the Activate action anymore.

Based on the above given instructions, basically all other actions available in the Site Admin can be equally controlled via permissions. Following is a list of paths under which actions reside for different consoles:

Console
Path
Site Admin
/libs/wcm/core/content/siteadmin/actions
DAM Admin /libs/wcm/core/content/damadmin/actions
Tools /libs/wcm/core/content/misc/actions
Security Admin /libs/cq/security/content/admin/authlist/actions

Applies to

CQ 5.3

CQ 5.4

이 작업에는 Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License의 라이센스가 부여되었습니다.  Twitter™ 및 Facebook 게시물은 Creative Commons 약관을 적용받지 않습니다.

법적 고지 사항   |   온라인 개인 정보 보호 정책