- Administering User Guide overview
- Sites Features
- Website Administration
- Asynchronous Jobs
- Reusing Content: Multi Site Manager and Live Copy
- Live Copy Overview Console
- Configuring Live Copy Synchronization
- Creating and Synchronizing Live Copies
- MSM Rollout Conflicts
- Troubleshooting MSM Issues and FAQ
- MSM Best Practices
- Translating Content for Multilingual Sites
- Managing Translation Projects
- Identifying Content to Translate
- Preparing Content for Translation
- Creating a Language Root Using the Classic UI
- Connecting to Microsoft Translator
- Configuring the Translation Integration Framework
- Language Copy Wizard
- Translation Enhancements
- Translation Best Practices
- Configurations and the Configuration Browser
- AEM FAQs
- Operations
- Dashboards
- Operations Dashboard
- Backup and Restore
- Data Store Garbage Collection
- Monitoring Server Resources Using the JMX Console
- Working with Logs
- Audit Log Maintenance in AEM 6
- Configure the Rich Text Editor
- Configuring RTE for Producing Accessible Sites
- Configuring Undo for Page Editing
- Configure the Rich Text Editor plug-ins
- Configure the Video component
- The Bulk Editor
- Configuring Email Notification
- The Link Checker
- Troubleshooting AEM
- Managing Access to Workflows
- Starting Workflows
- Administering Workflows
- Administering Workflow Instances
- Using cURL with AEM
- Proxy Server Tool (proxy.jar)
- Configuring for AEM Apps
- Configuring Search Forms
- Tools Consoles
- Reporting
- Configuring Layout Container and Layout Mode
- Editor
- Enabling Access to Classic UI
- Admin Consoles
- Security
- User Administration and Security
- User, Group and Access Rights Administration
- Security Checklist
- OWASP Top 10
- Running AEM in Production Ready Mode
- Identity Management
- Adobe IMS Authentication and Admin Console Support for AEM Managed Services
- Creating a Closed User Group
- Mitigating serialization issues in AEM
- User Synchronization
- Encapsulated Token Support
- Single Sign On
- How to Audit User Management Operations in AEM
- SSL By Default
- SAML 2.0 Authentication Handler
- Closed User Groups in AEM
- Granite Operations - User and Group Administration
- Enabling CRXDE Lite in AEM
- Configuring LDAP with AEM 6
- Configure the Admin Password on Installation
- Service Users in AEM
- Encryption Support for Configuration Properties
- Handling GDPR Requests for the AEM Foundation
- Principal View for Permissions Management
- Content Disposition Filter
- Custom User Group Mapping in AEM 6.5
- Same Site Cookie Support
- Personalization
- Integration
- Integrating with Third-Party Services
- Integrating with Salesforce
- Integrating with Adobe Target
- Integrating with Adobe Learning Manager
- Integrating with Adobe Analytics
- Connecting to Adobe Analytics and Creating Frameworks
- Configuring Link Tracking for Adobe Analytics
- Mapping Component Data with Adobe Analytics Properties
- Configuring Video Tracking for Adobe Analytics
- Integration with Adobe Analytics using IMS
- HTTP2 Delivery of Content FAQ
- Troubleshooting your Adobe Campaign Integration
- SharePoint Connector Licenses, Copyright Notices, and Disclaimers
- SharePoint Connector
- DHTML Viewer End-of-Life FAQs
- Integrating with Adobe Campaign Classic
- Related Community Articles
- Integrating with Adobe Campaign Standard
- Flash Viewers End-of-Life Notice
- Integrating with Adobe Dynamic Tag Management
- Opting Into Adobe Analytics and Adobe Target
- AEM Portals and Portlets
- Integrating with Dynamic Media Classic (Scene7)
- AEM Livefyre Recipes
- Troubleshooting Integration Issues
- Integrating with BrightEdge Content Optimizer
- Catalog Producer
- Integrating with Silverpop Engage
- Integrating with Adobe Campaign
- Integrating with ExactTarget
- Analytics with External Providers
- Integrating with the Adobe Marketing Cloud
- Manually Configuring the Integration with Adobe Target
- Prerequisites for Integrating with Adobe Target
- Integration with Adobe Target using IMS
- Adobe Classifications
- Solutions Integration
- Exporting Experience Fragments to Adobe Target
- Best Practices for Email Templates
- Integrating with Livefyre
- Best Practices
- Content Management
Principal View for Permissions Management
Overview
AEM 6.5 introduces Permissions Management for Users and Groups. The main functionality remains the same as the classic UI, but is more user friendly and efficient.
How to Use
Accessing the UI
The new UI based permissions management is accessed through the Permissions card under Security as shown below:
The new view makes it easier to look at the whole set of privileges and restrictions for a given principal at all paths where Permissions have been granted explicitly. This removes the need to go to
CRXDE to manage advanced privileges and restrictions. It has been consolidated in the same view. The view defaults to the Group “everyone”.
There is a filter that allows the user to select the type of principals to look at Users, Groups, or All and search for any principal.
Viewing Permissions for a Principal
The frame on the left allows users to scroll down to find any principal or search for a Group or a User based on the selected filter, as shown below:
Clicking on the name shows the assigned permissions on the right. The permissions pane shows the the list of Access Control Entries on specific paths along with configured restrictions.
Adding new Access Control Entry for a Principal
New permissions can be added by adding a new Access Controlling Entry by clicking the Add ACE button.
This brings up the window shown below, the next step is to choose a path where the permission needs to be configured.
Here we select a path where we want to configure a permission for dam-users:
After the path is selected, the workflow goes back to this screen, where the user can then select one or more of the privileges from the available namespaces (like jcr, rep or crx) as shown i below.
Privileges can be added by searching using the text field and then selecting from the list.
For a complete list of privileges and descriptions, please see this page.
After the list of privileges has been selected, the user can choose the Permission Type : Deny or Allow, as shown below.
Using Restrictions
In addition to list of privileges and the Permission Type on a given path, this screen also allows to add restrictions for fine grained access control as shown below:
For more information on what each restriction means, please consult the Jackrabbit Oak Documentation.
Restrictions can be added as shown below by choosing the restriction type, entering the value and hitting the + icon.
The new ACE is reflected in the Access Control List as shown below. Note that jcr:write is an aggregate privilege that includes jcr:removeNode that was added above, but is not shown below as its covered under jcr:write.
Editing ACEs
Access Control Entries can be edited by selecting a principal and choosing the ACE that you want to edit.
For example here we can edit the below entry for dam-users by clicking the pencil icon on the right:
The edit screen is shown with configured ACEs preselected, these can be deleted by clicking the cross icon next to them or new privileges can be added for the given path, as shown below.
Here we are adding the addChildNodes privilege for dam-users on the given path.
Changes can be saved by clicking the Save button on top right, and the changes will reflect in the new permissions for **dam-users **as shown below:
Deleting ACEs
Access Control Entries can be deleted to remove all permissions given to a principal on a specific path. The X icon on next to ACE can be used to delete it as shown below:
Classic UI Privilege Combinations
Note that the new permissions UI explicitly uses the basic set of privileges instead of predefined combinations that did not truly reflect exact underlying privileges that were granted.
It caused confusion as to what exactly is being configured. The following table lists the mapping between the privilege combinations from the Classic UI to the actual privileges that constitute them:
| Classic UI Privilege Combinations | Permissions UI Privilege |
|---|---|
| Read | jcr:read |
| Modify |
|
| Create |
|
| Delete |
|
| Read ACL | jcr:readAccessControl |
| Edit ACL | jcr:modifyAccessControl |
| Replicate | crx:replicate |
Business.Adobe.com resources
Resources
Adobe Account
