AccessControlList (ACL) permissions can be associated explicitly with any Workbench tools and many type of Experience Manager content. A Guided Search user can set ACL permissions on any resource. ACL permissions can be exported and imported.
ACL permissions on tools determines if a user is allowed to access a Workbench tool.
The following example from a JSON file assigns tool ACL permissions:
{
"ecr:type" : "tools"
"ecr:permissions" : {
"curtis" : {"allow": ["READ"], "deny": ["WRITE"]}
},
"relrank" : {
"ecr:type" : "tool",
"ecr:permissions" : {
"curtis" : {"allow": ["READ","WRITE"]}
}
}
}
ACL permissions on content determines if a user can perform READ/WRITE on that resource node. This information can be part of any resource which supports permissions and exported along with the resource public format. It is an optional property on a resource.
The following types of content support ACL permissions:
The following example assigns content ACL permissions:
"ecr:permissions": {
"curtis": {
"allow": ["READ"],
"deny": ["WRITE"]
}
}
|
READ permission |
WRITE permission |
System Behavior |
|---|---|---|
|
allow |
deny |
A user is only able to read the content and ACL information of a resource. |
|
deny |
allow |
A user is able to read and write the content and ACL information of a resource, even though READ privilege is explicitly denied. |
|
allow |
allow |
A user is able to read and write the content and ACL information of a resource. |
