Reputation: 489
I am trying to understand what exactly distinguishes the usage of the (READ, MODIFY, CREATE, DELETE) vs. (READ ACL, EDIT ACL) permissions in AEM/CQ5.
While searching the internet I found this line: "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."
Can anyone explain this with a good example?
Upvotes: 1
Views: 5579
Reputation: 1856
As per reference link
Read ACLs - The user can read the access control list of the page or child pages.
Edit ACL - The user can modify the access control list of the page or any child pages.
Example to understand details
- Create a test user and provide permissions (make the user part of the content-author group so that the user can access AEM, instead of manually providing all permissions).
- On the apps folder, give the test user both Read ACLs and Edit ACLs.
- On the content folder, give the test user only the Read ACLs permission.
- When the test user logs in in a new instance and accesses /useradmin:
  - The test user cannot see permissions on other folders, as there is no permission to read ACLs.
  - The test user can see read-only checkboxes on the content folder, as there is only the Read ACLs permission.
  - The test user can see the checkboxes as editable on apps, as the user has both Read ACLs and Edit ACLs permissions. Just Edit ACLs doesn't work without Read ACLs.
For Create, Modify, Update, Delete - if the user has that permission on that node, the test user would be able to perform that action on that node.
ACLs related - if the user has the read/edit ACL permission, the user would be able to read/edit the permissions of that node.
Upvotes: 2
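The test-user scenario from the answer above, as an added example that is not part of the original post and not AEM's or Jackrabbit's own evaluator. It is a simplified allow-only model; the action names, the grants table, and the `/etc` and `/var` paths are constructed for illustration.

```python
# Added illustration: a simplified allow-only model, not AEM's permission evaluator.
CONTENT_ACTIONS = {"read", "modify", "create", "delete"}  # operate on the node itself
ACL_ACTIONS = {"read_acl", "edit_acl"}                    # operate on the node's ACL

# Constructed grants for the test user: path -> actions allowed there and below.
TEST_USER = {
    "/": {"read"},
    "/apps": {"read_acl", "edit_acl"},
    "/content": {"modify", "read_acl"},
    "/etc": {"edit_acl"},  # Edit ACL granted without Read ACL
}


def effective(grants, path):
    """Union of the actions granted on the path and on each of its ancestors."""
    actions = set(grants.get("/", ()))
    prefix = ""
    for segment in path.strip("/").split("/"):
        if not segment:
            continue
        prefix += "/" + segment
        actions |= grants.get(prefix, set())
    return actions


def can(grants, path, action):
    """True if the action is allowed; Edit ACL only counts together with Read ACL."""
    if action not in CONTENT_ACTIONS | ACL_ACTIONS:
        raise ValueError(f"unknown action: {action}")
    actions = effective(grants, path)
    if action == "edit_acl":
        return {"read_acl", "edit_acl"} <= actions
    return action in actions


def useradmin_view(grants, path):
    """How the permission checkboxes for the path appear to the user."""
    if not can(grants, path, "read_acl"):
        return "hidden"
    return "editable" if can(grants, path, "edit_acl") else "read-only"


if __name__ == "__main__":
    for p in ("/apps/site", "/content/site/en", "/etc", "/var"):
        print(p, useradmin_view(TEST_USER, p), sorted(effective(TEST_USER, p)))
```

In this model the user can modify nodes under `/content` without being able to change who else may do so, which is the separation the two ACL permissions exist to express.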
Reputation: 3444
As per https://docs.adobe.com/content/docs/en/spec/jcr/2.0/16_Access_Control_Management.html
Read, Modify, Create, Delete are all related to respective operations on the resource. Any user with these privileges can modify the node/resource.
Read ACL and Edit ACL are both related to reading and modifying the privileges (Read, Modify, Create, Delete) for that resource. Any user with these privileges can read and modify the privileges on that resource. This is useful for process accounts that want to lock down node modification during some processing.
Upvotes: 1