Thursday, 31 May 2018

How to restrict the component edit operation for a set of users?

The project I was working on had a requirement: only a set of authors should be given permission to edit certain components, and no authors should be given permission to delete any components. This was because the authors were not fully trained to use AEM during the initial days. To realize this I followed two approaches. In this blog I explain how I did that.



1) Our first requirement was that we needed to remove the delete button for certain components. For that we created a 'cq:editConfig' node and included a 'cq:actions' property. Inside that property we explicitly gave the operations which we need. In our case we have given 'edit', 'copymove' and 'insert'. This needs to be included on all components where we need to remove the delete button. This will cause the delete button to disappear from the component in author mode.



2) The next requirement was to restrict some authors from the component edit operation. For that we created two AD groups, 'Author' and 'Admin'. Business users will be part of only the 'Author' group, and admin users will be part of 'Author' and 'Admin'. In our case all users were part of the 'Author' group by default, and we restricted all access, including read, to the path where components reside for this group. In our case it was under 'apps/project-name/components/*'. We didn't restrict access to the components path for the 'Admin' group.

In our application the authentication happens via SAML, and a user who is part of only the 'Author' group cannot see the edit option for components. Yes, the spanner button won't be visible. When an admin user logs in, the edit option will be there because he is part of the 'Admin' group, which allows access to the component path.
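
To keep the 'cq:actions' restriction from step 1 from drifting as components are added, here is an added example (not code from the original post) that parses FileVault-serialized 'cq:editConfig' nodes and flags any component whose action list differs from 'edit', 'copymove' and 'insert'. The component names and XML samples are constructed, and reporting a missing 'cq:actions' as a finding is an assumption.

```python
import xml.etree.ElementTree as ET

CQ_NS = "http://www.day.com/jcr/cq/1.0"
ALLOWED = {"edit", "copymove", "insert"}  # the actions the post keeps

# Constructed sample: FileVault form of a cq:editConfig node (_cq_editConfig.xml).
RESTRICTED = """<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:cq="http://www.day.com/jcr/cq/1.0"
          xmlns:jcr="http://www.jcp.org/jcr/1.0"
          jcr:primaryType="cq:EditConfig"
          cq:actions="[edit,copymove,insert]"/>
"""
# Constructed variants: one still lists delete, one has no cq:actions at all.
WITH_DELETE = RESTRICTED.replace("[edit,copymove,insert]", "[edit,delete,insert]")
NO_ACTIONS = RESTRICTED.replace('cq:actions="[edit,copymove,insert]"', "")

# Hypothetical component names; None means the component has no editConfig file.
SAMPLE = {"teaser": RESTRICTED, "banner": WITH_DELETE,
          "hero": NO_ACTIONS, "footer": None}


def parse_actions(xml_text):
    """Return the cq:actions values as a list, or None if the property is absent."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    raw = root.get("{%s}actions" % CQ_NS)
    if raw is None:
        return None
    return [a.strip() for a in raw.strip().strip("[]").split(",") if a.strip()]


def audit(components, allowed=ALLOWED):
    """Map component name -> finding for each editConfig that deviates."""
    findings = {}
    for name, xml_text in components.items():
        actions = parse_actions(xml_text) if xml_text else None
        if actions is None:
            # Assumption: without an explicit list the editor's defaults apply.
            findings[name] = "no cq:actions"
        elif set(actions) - allowed:
            findings[name] = "unexpected: " + ",".join(sorted(set(actions) - allowed))
    return findings


if __name__ == "__main__":
    for name, finding in sorted(audit(SAMPLE).items()):
        print(name, "->", finding)
```

'cq:actions' only controls which actions the component toolbar offers; repository permissions on the content are what decide whether a delete request succeeds.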