How to grant users access to only edit pages under a certain branch of /content

Search
Experience Manager User Guide

On this page

Applies to: Experience Manager

Objective

How to work with AEM permissions using CRXDE to simplify the permission model.  This includes:

  1. Granting users access to only edit pages under a certain branch of /content without denying them access to all sibling nodes.
  2. Optionally denying them the ability to delete pages under that branch.

Steps

To explain how to allow users to modify content under a certain branch of content without 

1. Grant the user read access to the /content/experience-fragments:

  1. Go to http://host:port/crx/de/index.jsp and log in as admin.

  2. Browse and select the node /content/experience-fragments.

  3. In the bottom right panel, select the Access Control tab.

  4. Click the green plus icon to the right to add Access Control Policy (the policy exists if you see access control entries listed - in that case, go to the next).

  5. Click the green plus icon to add Access Control Entry.

  6. Enter a Principal which is the id of the group that you want to grant the access to.

  7. Enable the check box for jcr: read

  8. Expand Advanced, under rep: glob enter double quotes ""

  9. Click OK.

2. Add access to create, read, update, and delete pages in the desired branch of experience fragments.

  1. Using CRXDe, go to the desired subpath under /content/experience-fragments, for example /content/experience-fragments/intuit.

  2. In the bottom right panel, select the Access Control tab.

  3. Click the green plus icon to the right to add Access Control Policy (the policy exists if you see access control entries listed - in that case, go to the next step).

  4. Click the green plus icon to add a new Access Control Entry.

  5. Enter a Principal which is the id of the group that you want to grant the access to.

  6. Enable the check box for jcr: read and rep: write.

  7. Click OK.

3. Grant the users access to edit pages without allowing them to delete pages.

  1. Click the green plus icon again to add another Access Control Policy.

  2. Enter the same Principal as in the previous steps.

  3. Select Deny for the Type.

  4. Expand Advanced and enable the check boxes for jcr: removeChildNodes and rep: removeProperties.

  5. Click OK.

  6. Click the green plus icon to add a new Access Control Entry.

  7. Enter a Principal as in the previous steps.

  8. Expand Advanced and enable the check boxes for jcr: removeChildNodes and rep: removeProperties.

  9. Under rep: glob, enter */jcr: content*

  10. Click OK.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Choose your region

Selecting a region changes the language and/or content on Adobe.com.

Americas
Brasil
Canada - English
Canada - Français
Latinoamérica
México
United States
Europe, Middle East and Africa
Africa - English
België
Belgique
Belgium - English
Česká republika
Cyprus - English
Danmark
Deutschland
Eesti
España
France
Greece - English
Ireland
Israel - English
Italia
Latvija
Lietuva
Luxembourg - Deutsch
Luxembourg - English
Luxembourg - Français
Magyarország
Malta - English
Middle East and North Africa - English
Nederland
Norge
Österreich
Polska
Portugal
România
Schweiz
Slovenija
Slovensko
Suisse
Suomi
Sverige
Svizzera
Türkiye
United Kingdom
България
Россия
Україна
الشرق الأوسط وشمال أفريقيا - اللغة العربية
ישראל - עברית
Asia - Pacific
Australia
Hong Kong S.A.R. of China
India - English
New Zealand
Southeast Asia (Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam) - English
中国
中國香港特別行政區
台灣
日本
한국
Commonwealth of Independent States
Includes Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Turkmenistan, Ukraine, Uzbekistan