Setting up Access Control Lists (ACLs) setting-up-acls

Last update: Thu Sep 05 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Administering Screens

CREATED FOR:

Intermediate
Admin

The following section explains how to segregate projects using Access Control Lists (ACLs) so that each individual or team handles their own project.

As an AEM administrator, you want to ensure that team members of a project do not interfere with other projects. Each user is assigned specific roles as per project requirements.

Setting up Permissions setting-up-permissions

The following steps summarize the procedure for setting up ACLs for a project:

Login to AEM and navigate to Tools > Security.
Click Groups and enter an ID (for example, Acme).

Alternatively, use this link, http://localhost:4502/libs/granite/security/content/groupadmin.html.

Next, click Save.
Click Contributors from the list and double-click it.

Add the Acme (project that you created) to Add Members to the Group. Click Save.

screen_shot_2018-02-18at35630pm

note note
NOTE
If you want project team members to register players (which involves creating a user for every player) find the group user-administrators and add the ACME group to user-administrators

Add all the users who are working on the Acme Project to the Acme group.
Set up the permissions for the group Acme using this (http://localhost:4502/useradmin).

Click the group Acme and click the permissions.

Permissions permissions

The following table summarizes the path with the permissions at the project level:

Path

Permission

Description

/apps/<project>

READ

Provide access to project files, if applicable.

/content/dam/<project>

ALL

Provide access to store the project assets such as images or video in DAM.

/content/screens/<project>

ALL

Removes access to all other projects under /content/screens.

/content/screens/svc

READ

Provide access to the registration service.

/libs/screens

READ

Provide access to DCC.

/var/contentsync/content/screens/

ALL

Help you update offline content for the project.

NOTE

Sometimes, you can separate author functions (such as managing assets and creating channels) from admin functions (such as registering players). In such a scenario, create two groups and add the authors group to contributors and the admin group to both contributors and user-administrators.

Creating Groups creating-groups

Creating a project should also create default user groups with a basic set of permissions assigned. Extend the permissions to the typical roles defined in AEM Screens.

For example, you can create the following project-specific groups:

Screens Project Administrators
Screens Project Operators (register players, and manage locations and devices)
Screens Project Users (work with channels, schedules, and channel assignments)

The following table summarizes the groups with description and permissions for an AEM Screens project:

Group name

Description

Permissions

Screens Admins
screens-admins

Admin level access for AEM Screens capabilities

Member Of Contributors
Member OF user-administrators
ALL /content/screens
ALL /content/dam
ALL /content/experience-fragments
ALL /etc/design/screens

Screens Users
screens-users

Create and update channels and schedules and assign to locations in AEM Screens

Member Of Contributors
<project> /content/screens
<project> /content/dam
<project> /content/experience-fragments

Screens Operators
screens-operators

Create and update location structure and register players in AEM Screens

Member Of Contributors
jcr:all /home/users/screens
jcr:all /home/groups/screens
<project> /content/screens

Screens Players
screens-<project>-devices

All players and all players/devices are members of the contributors automatically.

Member of Contributors

recommendation-more-help

adce462a-f916-4dbe-9ab5-0b62cfb0f053