Objective
How to work with AEM permissions using CRXDE to simplify the permission model. This includes:
- Granting users access to only edit pages under a certain branch of /content without denying them access to all sibling nodes.
- Optionally denying them the ability to delete pages under that branch.
Steps
To explain how to allow users to modify content under a certain branch of content without
1. Grant the user read access to /content/experience-fragments:
   - Go to http://host:port/crx/de/index.jsp and log in as admin.
   - Browse and select the node /content/experience-fragments.
   - In the bottom right panel, select the Access Control tab.
   - Click the green plus icon to the right to add an Access Control Policy (the policy already exists if you see access control entries listed; in that case, go to the next step).
   - Click the green plus icon to add an Access Control Entry.
   - Enter a Principal, which is the ID of the group that you want to grant access to.
   - Enable the check box for jcr:read.
   - Expand Advanced and, under rep:glob, enter double quotes "".
   - Click OK.
2. Add access to create, read, update, and delete pages in the desired branch of experience fragments.
   - Using CRXDE, go to the desired subpath under /content/experience-fragments, for example /content/experience-fragments/intuit.
   - In the bottom right panel, select the Access Control tab.
   - Click the green plus icon to the right to add an Access Control Policy (the policy already exists if you see access control entries listed; in that case, go to the next step).
   - Click the green plus icon to add a new Access Control Entry.
   - Enter a Principal, which is the ID of the group that you want to grant access to.
   - Enable the check boxes for jcr:read and rep:write.
   - Click OK.
3. Grant the users access to edit pages without allowing them to delete pages.
   - Click the green plus icon again to add another Access Control Policy.
   - Enter the same Principal as in the previous steps.
   - Select Deny for the Type.
   - Expand Advanced and enable the check boxes for jcr:removeChildNodes and rep:removeProperties.
   - Click OK.
   - Click the green plus icon to add a new Access Control Entry.
   - Enter a Principal as in the previous steps.
   - Expand Advanced and enable the check boxes for jcr:removeChildNodes and rep:removeProperties.
   - Under rep:glob, enter */jcr:content*
   - Click OK.
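
To check what the three steps add up to, the following added example (not Adobe's or Oak's code) models the resulting entries and evaluates them for sample paths. It is a simplified model that assumes a single group principal, the example branch /content/experience-fragments/intuit, Jackrabbit Oak's documented rep:glob matching, and that the last entry in step 3 is an Allow entry; the function names are hypothetical.

```python
import re

BRANCH = "/content/experience-fragments/intuit"  # example branch from step 2
WRITE = {"jcr:removeChildNodes", "rep:removeProperties", "jcr:removeNode",
         "jcr:addChildNodes", "rep:addProperties", "rep:alterProperties",
         "jcr:nodeTypeManagement"}  # privileges aggregated by rep:write

# Constructed from steps 1-3: (node, allow?, privileges, rep:glob).
# Listed in evaluation order; None means "no rep:glob restriction".
ACES = [
    ("/content/experience-fragments", True, {"jcr:read"}, ""),
    (BRANCH, True, {"jcr:read"} | WRITE, None),
    (BRANCH, False, {"jcr:removeChildNodes", "rep:removeProperties"}, None),
    (BRANCH, True, {"jcr:removeChildNodes", "rep:removeProperties"}, "*/jcr:content*"),
]

def glob_matches(node, glob, path):
    """Does an entry set on `node` with this rep:glob apply to `path`?"""
    if path != node and not path.startswith(node + "/"):
        return False                      # an ACL only covers its own subtree
    if glob is None:
        return True                       # no restriction: node and all descendants
    if glob == "":
        return path == node               # empty glob: the node itself only
    if "*" not in glob:
        target = node + glob              # literal glob: that path and below
        return path == target or path.startswith(target + "/")
    regex = ".*".join(re.escape(part) for part in (node + glob).split("*"))
    return re.fullmatch(regex, path) is not None   # '*' also spans '/'

def has_privilege(path, privilege):
    """Simplified evaluation: the last matching entry decides."""
    for node, allow, privileges, glob in reversed(ACES):
        if privilege in privileges and glob_matches(node, glob, path):
            return allow
    return False                          # nothing granted means no access

def can_delete_node(path):
    """JCR removal needs jcr:removeNode on the node and
    jcr:removeChildNodes on its parent."""
    parent = path.rsplit("/", 1)[0]
    return (has_privilege(path, "jcr:removeNode")
            and has_privilege(parent, "jcr:removeChildNodes"))
```

In this model the group can remove components below a page's jcr:content node, while the page node and its jcr:content child cannot be removed because their parents fall outside the glob.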