Review these important considerations before defining your deletion policies for Content Fragments in AEM. Content Fragments are a powerful tool for delivering headless content, and the implications of deleting them must be carefully considered.
The ability to delete content is powerful, but potentially sensitive, with many industries needing to restrict and control how these privileges are distributed.
In relation to delete permissions, Content Fragments must be considered at two levels:
The Content Fragment as a single entity.
The multiple subentities that make up a Content Fragment; for example, variations, subnodes.
Basic operation of the Content Fragment editor requires that such transient subelements can be deleted. For example, when manipulating variations; also when editing metadata or managing associated content.
See also How to Audit User Management Operations in AEM.
For users that need to edit/update a Content Fragment, without allowing them to delete an entire fragment, specific permissions must be assigned, as basic operation of the Content Fragment editor requires that transient subelements can be deleted.
For example, when manipulating variations; also when editing metadata or managing associated content.
The delete permissions, required to edit/update a Content Fragment, are included in the Delete permission assigned through User and/or Group Management.
The permissions needed to edit/update a fragment must be applied to either the node containing the Content Fragment, or an appropriate parent node (at any level under
/content/dam). When assigned to such a parent node, the permissions are applied to all nodes within that branch.
For example, a folder to hold all Content Fragments, such as:
Setting the permissions on
/content/dam is also possible, as all Content Fragments are stored here.
However this action applies the same delete permissions to all other asset types as well.
The permissions prerequisite to allowing a specific user and/or group to edit/update a Content Fragment are:
This list shows all the privileges required, not just the delete privileges.
For the Content Fragment nodes or folders:
jcr:contentnode of all Content Fragments:
For all nodes below
jcr:content of all Content Fragments: