Am trying to understand what exactly differs the usage of the (READ,MODIFY,CREATE,DELETE) VS (READ ACL, EDIT ACL) permissions in AEM/CQ5.
我试图了解AEM / CQ5中(READ,MODIFY,CREATE,DELETE)VS(READ ACL,EDIT ACL)权限的用法究竟有什么不同。
On surfing internet i found a line "AEM uses an access control list that consists of a list of actions that a user can perform on resources within the system. These actions can include creating a new page in a given path, modify components on an existing page, and replicating data between instances."
在网上冲浪我发现一条线“AEM使用一个访问控制列表,其中包含用户可以对系统内的资源执行的操作列表。这些操作可以包括在给定路径中创建新页面,修改现有组件页面,并在实例之间复制数据。“
Can any one explain this with a good example.?
任何人都可以用一个很好的例子来解释这一点。
2 个解决方案
#1
2
As per reference link
根据参考链接
Read ACLs - The user can read the access control list of the page or child pages.
读取ACL - 用户可以读取页面或子页面的访问控制列表。
Edit ACL - The user can modify the access control list of the page or any child pages.
编辑ACL - 用户可以修改页面或任何子页面的访问控制列表。
Example to understand details - Create a test user and provided permissions (make this to be part of content-author group, so that user can access aem, instead of manually providing all permissions). On apps folder test user provide both Read and Edit ACLs. On content folder test user provide only Read ACLs permission. When test user logs in a new instance and accesses /useradmin.
了解详细信息的示例 - 创建测试用户并提供权限(使其成为内容作者组的一部分,以便用户可以访问aem,而不是手动提供所有权限)。在apps文件夹测试用户提供读取和编辑ACL。在内容文件夹测试用户只提供读取ACL权限。当测试用户登录新实例并访问/ useradmin时。
-
test user cannot see permissions on other folders, as there is not permission to read ACLs
测试用户无法查看其他文件夹的权限,因为没有读取ACL的权限
-
test user can see read only checkboxes on
contentfolder as there is only Read ACLs permission测试用户可以看到内容文件夹上的只读复选框,因为只有读取ACL权限
-
test user can see the checkboxes as editable on
appsas user has both Read ACLs and Edit ACLs permissions. Just Edit ACLs doesn't works without Read ACLs.测试用户可以在应用程序上看到可编辑的复选框,因为用户同时具有“读取ACL”和“编辑ACL”权限。如果没有读取ACL,则只编辑ACL不起作用。
For Create, Modify, Update, Delete - if user has that permission on that node, test user would be able to perform that action on that node.
对于“创建”,“修改”,“更新”,“删除” - 如果用户在该节点上具有该权限,则测试用户将能够在该节点上执行该操作。
ACLs related - If user has read/edit ACL permission, user would be able to read/edit permissions of that node
ACL相关 - 如果用户已读取/编辑ACL权限,则用户可以读取/编辑该节点的权限
#2
1
As per https://docs.adobe.com/content/docs/en/spec/jcr/2.0/16_Access_Control_Management.html
根据https://docs.adobe.com/content/docs/en/spec/jcr/2.0/16_Access_Control_Management.html
Read, Modify, Create, Delete are all related to respective operations on the resource. Any user with these privileges can modify the node/resource.
读取,修改,创建,删除都与资源上的相应操作相关。具有这些权限的任何用户都可以修改节点/资源。
Read ACL and Edit ACL are both related to reading and modifying the privileges (Read, Modify, Create, Delete) for that resource. Any user with these privileges can read and modify the privileges on that resource. This is useful for process accounts that want to lock down node modification during some processing.
读取ACL和编辑ACL都与读取和修改该资源的权限(读取,修改,创建,删除)有关。具有这些权限的任何用户都可以读取和修改该资源的权限。这对于希望在某些处理期间锁定节点修改的进程帐户很有用。
#1
2
As per reference link
根据参考链接
Read ACLs - The user can read the access control list of the page or child pages.
读取ACL - 用户可以读取页面或子页面的访问控制列表。
Edit ACL - The user can modify the access control list of the page or any child pages.
编辑ACL - 用户可以修改页面或任何子页面的访问控制列表。
Example to understand details - Create a test user and provided permissions (make this to be part of content-author group, so that user can access aem, instead of manually providing all permissions). On apps folder test user provide both Read and Edit ACLs. On content folder test user provide only Read ACLs permission. When test user logs in a new instance and accesses /useradmin.
了解详细信息的示例 - 创建测试用户并提供权限(使其成为内容作者组的一部分,以便用户可以访问aem,而不是手动提供所有权限)。在apps文件夹测试用户提供读取和编辑ACL。在内容文件夹测试用户只提供读取ACL权限。当测试用户登录新实例并访问/ useradmin时。
-
test user cannot see permissions on other folders, as there is not permission to read ACLs
测试用户无法查看其他文件夹的权限,因为没有读取ACL的权限
-
test user can see read only checkboxes on
contentfolder as there is only Read ACLs permission测试用户可以看到内容文件夹上的只读复选框,因为只有读取ACL权限
-
test user can see the checkboxes as editable on
appsas user has both Read ACLs and Edit ACLs permissions. Just Edit ACLs doesn't works without Read ACLs.测试用户可以在应用程序上看到可编辑的复选框,因为用户同时具有“读取ACL”和“编辑ACL”权限。如果没有读取ACL,则只编辑ACL不起作用。
For Create, Modify, Update, Delete - if user has that permission on that node, test user would be able to perform that action on that node.
对于“创建”,“修改”,“更新”,“删除” - 如果用户在该节点上具有该权限,则测试用户将能够在该节点上执行该操作。
ACLs related - If user has read/edit ACL permission, user would be able to read/edit permissions of that node
ACL相关 - 如果用户已读取/编辑ACL权限,则用户可以读取/编辑该节点的权限
#2
1
As per https://docs.adobe.com/content/docs/en/spec/jcr/2.0/16_Access_Control_Management.html
根据https://docs.adobe.com/content/docs/en/spec/jcr/2.0/16_Access_Control_Management.html
Read, Modify, Create, Delete are all related to respective operations on the resource. Any user with these privileges can modify the node/resource.
读取,修改,创建,删除都与资源上的相应操作相关。具有这些权限的任何用户都可以修改节点/资源。
Read ACL and Edit ACL are both related to reading and modifying the privileges (Read, Modify, Create, Delete) for that resource. Any user with these privileges can read and modify the privileges on that resource. This is useful for process accounts that want to lock down node modification during some processing.
读取ACL和编辑ACL都与读取和修改该资源的权限(读取,修改,创建,删除)有关。具有这些权限的任何用户都可以读取和修改该资源的权限。这对于希望在某些处理期间锁定节点修改的进程帐户很有用。