April 1, 2020

Mapping CQ Permissions to JCR Access Control Entry (ACE) Privileges

The CRUD (Create, Read, Update, Delete) “permissions” you assign to users within CQ WCM on a node-by-node basis are actually mapped to JCR Access Control Entry (ACE) privileges behind the scenes.

Here is the mapping of CQ “Permissions” to JCR “Privileges”:

Everyone needs the basic jcr:read privilege on a node to do anything else.

- Read (jcr:read)

Incremental to jcr:read are:

- Modify (jcr:modifyProperties, jcr:versionManagement, jcr:lockManagement)
- Create (jcr:addChildNodes, jcr:nodeTypeManagement)
- Delete (jcr:removeNode, jcr:removeChildNodes)
- Read ACL (jcr:readAccessControl)
- Edit ACL (jcr:modifyAccessControl)
- Replicate (crx:replicate)

Official documentation on access control is available here. Here is the complete list of JCR Access Control Entry (ACE) privileges; some of them are aggregates of multiple privileges:
  1. jcr:lifecycleManagement
  2. jcr:workspaceManagement
  3. jcr:lockManagement
  4. jcr:versionManagement
  5. jcr:addChildNodes
  6. crx:replicate
  7. jcr:read
  8. jcr:modifyAccessControl
  9. rep:write
  10. jcr:all (aggregate)
  11. rep:privilegeManagement
  12. jcr:removeChildNodes
  13. jcr:nodeTypeManagement
  14. jcr:namespaceManagement
  15. jcr:write (aggregate)
  16. jcr:removeNode
  17. jcr:retentionManagement
  18. jcr:nodeTypeDefinitionManagement
  19. jcr:readAccessControl
  20. jcr:modifyProperties
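
As an added example (not code from the original post), the Python below takes the set of privileges granted on a node and reports which CQ permissions that set fully covers, resolving aggregate privileges first. The contents of `jcr:write`, `rep:write` and `jcr:all` are an assumption taken from JCR 2.0 / Jackrabbit rather than from this post, and the function names and sample groups are constructed for illustration.

```python
# Added example: CQ permission -> required JCR privileges, as listed in this post.
CQ_PERMISSIONS = {
    "Read": {"jcr:read"},
    "Modify": {"jcr:modifyProperties", "jcr:versionManagement", "jcr:lockManagement"},
    "Create": {"jcr:addChildNodes", "jcr:nodeTypeManagement"},
    "Delete": {"jcr:removeNode", "jcr:removeChildNodes"},
    "Read ACL": {"jcr:readAccessControl"},
    "Edit ACL": {"jcr:modifyAccessControl"},
    "Replicate": {"crx:replicate"},
}
# Non-aggregate privileges from the post's complete list.
LEAVES = set("""jcr:lifecycleManagement jcr:workspaceManagement jcr:lockManagement
jcr:versionManagement jcr:addChildNodes crx:replicate jcr:read jcr:modifyAccessControl
rep:privilegeManagement jcr:removeChildNodes jcr:nodeTypeManagement
jcr:namespaceManagement jcr:removeNode jcr:retentionManagement
jcr:nodeTypeDefinitionManagement jcr:readAccessControl jcr:modifyProperties""".split())
# Assumption (not stated in the post): aggregate contents per JCR 2.0 / Jackrabbit.
AGGREGATES = {
    "jcr:write": {"jcr:modifyProperties", "jcr:addChildNodes",
                  "jcr:removeNode", "jcr:removeChildNodes"},
    "rep:write": {"jcr:write", "jcr:nodeTypeManagement"},
    "jcr:all": LEAVES,
}

def expand(privileges):
    """Resolve aggregates (including nested ones) into non-aggregate privileges."""
    resolved, todo = set(), list(privileges)
    while todo:
        name = todo.pop()
        if name in AGGREGATES:
            todo.extend(AGGREGATES[name])
        else:
            resolved.add(name)
    return resolved

def cq_permissions(granted):
    """Return the CQ permissions fully covered by a set of granted privileges."""
    effective = expand(granted)
    if "jcr:read" not in effective:  # the post: nothing works without jcr:read
        return []
    return [name for name, needed in CQ_PERMISSIONS.items() if needed <= effective]

if __name__ == "__main__":
    # Constructed sample grants, one privilege set per hypothetical group.
    samples = {"authors": {"jcr:read", "rep:write"}, "svc-import": {"jcr:write"},
               "admins": {"jcr:all"}}
    for group, privs in samples.items():
        print(group, "->", cq_permissions(privs))
```

Under these assumptions, a grant of `jcr:read` plus `rep:write` covers Create and Delete but not Modify, because Modify also requires `jcr:versionManagement` and `jcr:lockManagement`.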


By aem4beginner
