New Participant

Solved

base permissions to custom group - AEM screen empty

Forum|Forum|2 years ago
October 27, 2023
3 replies
1969 views

hi all,

I have given the below yaml config for base group but it is throwing up an empty page on /aem/start.html - Any help?

- group_config:
    - proj-base:
          path: equinix

- ace_config:

- proj-base:
- path: /
permission: allow
privileges: jcr:read
repGlob: ""
 - path: /libs
permission: allow
privileges: jcr:read
- path: /apps
permission: allow
privileges: jcr:read
- path: /var
permission: allow
privileges: jcr:read
- path: /etc
permission: allow
privileges: jcr:read
- path: /home
permission: allow
privileges: jcr:read
- path: /conf
permission: allow
privileges: jcr:read
repGlob: ""
 - path: /content
permission: allow
privileges: jcr:read
- path: /content/dam
permission: allow
privileges: jcr:read
repGlob: ""
 - path: /content
permission: deny
privileges: jcr:removeNode,jcr:removeChildNodes,crx:replicate

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Rohan_Garg

@aem_noob - Please remove and re-test

- path: /libs/cq/core/content/nav/tools/security
permission: deny
privileges: jcr:read

kautuk_sahni

Employee

@aem_noob Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Kautuk Sahni

Rohan_Garg

New Participant

These permissions are working fine for a base group as validated on a netcentric.

Do you have some other permissions as well on your YAML file?

Can you attach the logs from the server?

A

aem_noobAuthor

New Participant

- path: /content/dam/collections
  permission: allow
  privileges: jcr:write,crx:replicate
- path: /libs/dam/gui/content/reports
  permission: allow
  privileges: jcr:read
- path: /libs/dam/gui/content/nav/tools/assets/assetreports
  permission: allow
  privileges: jcr:read
- path: /libs/cq/core/content/nav/tools/security
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content
  permission: deny
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content/instances
  permission: allow
  privileges: jcr:read
- path: /libs/cq/workflow/admin/console/content/models
  permission: deny
  privileges: jcr:read

Rohan_GargAccepted solution

New Participant

@aem_noob - Please remove and re-test

- path: /libs/cq/core/content/nav/tools/security
permission: deny
privileges: jcr:read

aanchal-sikka

New Participant

Hello @aem_noob

I guess you are trying to use Netcentric ACL Tool.

It should execute the yaml file soon after deployment. Or by trigerring it manually via Security > Netcentric ACL Tool

reference:https://blogs.perficient.com/2020/04/23/getting-started-with-the-netcentric-access-control-tool/

Also, for creating Base groups, try to reuse OOTB AEM groups like authors, contributors etc. This will assure you have the basic permissions needed for browsing through the UI.

Aanchal Sikka

A

aem_noobAuthor

New Participant

The yaml is being executed but the console is empty. We have been asked to give allow permissions at root level to all the parent folders & not use OTB groups.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded