
Setting up ACLs

The following section explains how to segregate projects using ACLs so that each individual or team handles their own project.
As an AEM administrator, you want to ensure that the members of one project team do not interfere with other projects and that each user is assigned specific roles as per project requirements.

Setting up Permissions

The following steps summarize the procedure for setting up ACLs for a project:
  1. Log in to AEM and navigate to Tools > Security.
  2. Click Groups and enter an ID (for example, Acme).
    Subsequently, click Save.
  3. Select Contributors from the list and double-click it.
  4. Add Acme (the project you created) to Add Members to Group. Click Save.
    If you want project team members to register players (which involves creating a user for every player), find the group user-administrators and add the Acme group to user-administrators.
  5. Add all the users who will be working on the Acme project to the Acme group.
  6. Set up the permissions for the group Acme using this link.
    Select the group Acme and click Permissions.

Permissions

The following table summarizes the paths and their permissions at the project level:

| Path | Permission | Description |
|---|---|---|
| /apps/<project> | READ | Provides access to project files (if applicable) |
| /content/dam/<project> | ALL | Provides access to store the project's assets, such as images or video, in DAM |
| /content/screens/<project> | ALL | Removes access to all other projects under /content/screens |
| /content/screens/svc | READ | Provides access to the registration service |
| /libs/screens | READ | Provides access to DCC |
| /var/contentsync/content/screens/ | ALL | Allows updating offline content for the project |

In some cases, you can separate author functions (such as managing assets and creating channels) from admin functions (such as registering players). In such a scenario, create two groups and add the authors group to contributors and the admin group to both contributors and user-administrators.
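
The following is an added example, not part of the original documentation: it audits one project group's ACL entries against the path/permission table above and flags missing, excess and cross-project grants. The `(path, permission)` input tuples, the function names and the sample entries for groups `acme` and `globex` are assumptions made for illustration; READ and ALL are the table's own levels.

```python
from posixpath import normpath

# Path templates and permission levels copied from the table on this page.
EXPECTED = {
    "/apps/{p}": "READ",
    "/content/dam/{p}": "ALL",
    "/content/screens/{p}": "ALL",
    "/content/screens/svc": "READ",
    "/libs/screens": "READ",
    "/var/contentsync/content/screens": "ALL",
}
RANK = {"READ": 1, "ALL": 2}
# Assumption: each project owns exactly one subtree under these roots.
PROJECT_ROOTS = ("/apps", "/content/dam", "/content/screens")

def rank(perm):
    return RANK.get(perm, 3)  # unknown privilege strings rank above ALL

def within(path, root):
    return path == root or path.startswith(root + "/")

def audit(project, aces):
    """Return sorted (finding, path, permission) tuples for one group's entries."""
    want = {t.format(p=project): perm for t, perm in EXPECTED.items()}
    got = {normpath(path): perm.upper() for path, perm in aces}
    findings = []
    for path, perm in want.items():
        have = got.get(path)
        if have is None or rank(have) < rank(perm):
            findings.append(("MISSING", path, perm))
        elif rank(have) > rank(perm):
            findings.append(("EXCESS", path, have))
    for path, have in got.items():
        parents = [rank(want[w]) for w in want if within(path, w)]
        if path in want or (parents and rank(have) <= max(parents)):
            continue  # expected path, or a grant below one that does not exceed it
        if parents:
            kind = "EXCESS"
        elif any(within(path, r) for r in PROJECT_ROOTS):
            kind = "CROSS_PROJECT"
        else:
            kind = "UNEXPECTED"
        findings.append((kind, path, have))
    return sorted(findings)

# Constructed sample entries for a hypothetical group "acme" (not an AEM export format).
SAMPLE_ACES = [("/apps/acme", "READ"), ("/content/dam/acme", "ALL"),
               ("/content/screens/acme", "ALL"), ("/content/screens/svc", "ALL"),
               ("/libs/screens", "READ"), ("/content/screens/globex", "READ")]
if __name__ == "__main__":
    print(*audit("acme", SAMPLE_ACES), sep="\n")
```

A grant on `/content/screens` itself is reported as CROSS_PROJECT, because it would reach every project under that root rather than only `/content/screens/<project>`.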

Creating Groups

Creating a new project should also create default user groups with a basic set of permissions assigned. You should extend the permissions to the typical roles we have for AEM Screens.
For example, you can create the following project-specific groups:
  • Screens Project Administrators
  • Screens Project Operators (register players, and manage locations and devices)
  • Screens Project Users (work with channels, schedules and channel assignments)
The following table summarizes the groups, with their descriptions and permissions, for an AEM Screens project:

| Group name | Description | Permissions |
|---|---|---|
| Screens Admins (screens-admins) | Admin-level access for AEM Screens capabilities | Member of Contributors; Member of user-administrators; ALL /content/screens; ALL /content/dam; ALL /content/experience-fragments; ALL /etc/design/screens |
| Screens Users (screens-users) | Create and update channels and schedules, and assign them to locations in AEM Screens | Member of Contributors; <project> /content/screens; <project> /content/dam; <project> /content/experience-fragments |
| Screens Operators (screens-operators) | Create and update the location structure and register players in AEM Screens | Member of Contributors; jcr:all /home/users/screens; jcr:all /home/groups/screens; <project> /content/screens |
| Screens Players (screens-we-retail-devices) | Groups all players; all players/devices are automatically members of contributors | Member of Contributors |