Permissions management
Learn how AEM Assets permission management allows organizations to control access to assets, protect their brand, and ensure compliance.
Transcript
Let’s take a look at Asset Essentials permission management, which allows user access to be set for groups and users on folders. This allows organizations to control access to assets, protect their brand, and ensure compliance. The initial steps in the setup are performed in the ÃÛ¶¹ÊÓƵ admin console. The first thing to do here is to make sure that the user responsible for setting up permissions in Asset Essentials is an Asset Essentials administrator.
So to do this, open the AEM Asset Essentials product, select the Asset Essentials instance, and add the desired users to the Asset Essentials administrator’s profile.
Next we’ll set up Asset Essentials user groups that will be used to assign permissions to Asset Essentials users. These user groups are managed in admin console as well. So we’ll head over to users and users groups.
Here we can define a few that we’ll use when applying access to folders in Asset Essentials. I’ve already created a few groups, so we have the WKND marketing team and the WKND legal team, but let’s make one more. And we’ll call this one the WKND creative team.
And we can, of course, add or remove users from any of our groups. So let’s go ahead and do that, and add a new user to the creative team.
If your admin console is set up to leverage an external system to manage users and group assignments, group creation, and other user assignments can be handled for you automatically.
Don’t forget that these users also need to be added to the appropriate product profiles to allow them to log into Asset Essentials.
So let me quickly add the user via as group membership to the Asset Essentials users product profile, which will allow them to log in to Asset Essentials as a regular user.
Okay, now let’s set up folder permissions in Asset Essentials using user groups we just defined at admin console.
So first log in Asset Essentials using the administrator user that we just made a member of the Asset Essentials product profile.
Once logged in, the first thing we’ll want to do is review the default permissions for all folders, as any permissions we add on a per folder basis layer on top of this. To check default permissions, select managed permissions, and then navigate to all assets folder at the top level. And here we can see that default permission for all authenticated users is can edit.
We can, of course, change this. However, be careful doing so as this will have a cascading effect to all folders. Let’s leave the default permissions edit and apply some permissions to the WKND folder which contains all the assets for the WKND brand. So let’s select the WKND folder, and again select manage permissions. Let’s set it up so only members of the WKND user groups have access to the WKND folder. So ensure the WKND folder is selected on the left, and then we’ll add a deny access rule for all authenticated users. This will also have a base permission for this folder tree, preventing anyone except the administrators from seeing it. So for example, users of the WKND sisters brand Luma would not be able to see this folder anymore. Deny access has its limitations. So use it sparingly, and prefer allow permissions to provide finer permission granularity. For example, when setting deny access permissions for a group at a higher level folder, you cannot give that group a positive permission on a sub folder, as the user would never be able to navigate to it. So for example, we could not add deny access for all authenticated users and only give the WKND creative access to the work in progress folder beneath it, since there would be no way for that WKND creative user to navigate to the work in progress folder.
And with that being said, let’s grant our WKND user groups access to the WKND folder. So first let’s permission WKND legal, and WKND legal should be able to see the folder but not modify assets. So let’s set their permission to can view.
WKND marketing should be able to edit any asset so they get can edit.
And WKND created should be able to view all assets but only edit those in the work in progress folder.
So we’ll set can view for them on the WKND folder and then select the work in progress sub folder and give them can edit access there.
Note that it’s recommended to manage Asset Essentials permissions at the group level rather than directly using users. The exception to this rule is assigning folder owner permissions, which allows the owner users to manage permissions on that folder tree without being a full blown Asset Essentials administrator. So let’s add a specific user as the owner of the WKND folder which will allow this otherwise regular user to manage permissions only on the WKND tree.
You can, of course, update permissions using the dropdown or move them completely using the X.
But let’s keep everything as we’ve configured it.
Okay, so this looks pretty good. Let’s try it out by logging in with a member of the WKND creative team user group.
All right, I’m logged in with the user we added to our WKND creative team. We can see and navigate into the WKND folder.
We can see assets in logos and adventures, but we can’t make any edits. So there’s no option to upload or delete or edit.
But we can make changes to the files in the work in progress folder since the group was granted edit rights on that.
So as you can see, I was able to delete a file.
It’s worth noting that these permissions not only apply to the browse experience, but also to search.
Well, I hope this video helped you understand how easy it is to apply and manage permissions in Asset Essentials. Enforcing governance around asset access, and ensuring the integrity of your digital assets. -
recommendation-more-help
4bec95c6-38c5-419f-a58a-02201ddcb55f