Closed User Groups

Closed User Groups (CUGs) is a feature used to restrict access to content to a select group of users on a published site. This video shows how Closed User Groups can be used with Adobe Experience Manager Assets to restrict access to a specific folder of assets. Support for Closed User Groups with AEM Assets was first introduced in AEM 6.4.

Transcript
Let’s take a look at closed user groups in AEM Assets. Closed user groups, commonly referred to as CUGs, is a feature that’s used to limit access to specific areas of a published website. This feature has long been enabled and available within AEM Sites, and it’s allowed authors to configure and restrict access through the UI. Now with AEM Assets, a similar UI is available.

Let’s look at a quick scenario. If we navigate to our published WKND magazine page, you’ll notice we have a special section set up for members only. This section is grayed out, as it’s only accessible to authenticated users. After successfully authenticating and logging in, we’re able to view this member area and its exclusive content. Depending on your implementation, images from this page may be accessible directly through the DAM. If we leave this member only section and log out, we’re still able to view this image from the members only area with the direct reference link.

Let’s apply the same restrictions to these digital assets that we have on our sites page. This is done with the closed user group policies through AEM Assets. Navigating into our AEM Assets folder on our offering instance, we have a folder for members only page. Taking a look inside the folder, we find the images that were being used on that page. Let’s restrict this content so only members are able to see these digital assets.

The first thing we’ll do is navigate up one level in the folder hierarchy. With AEM Assets, closed user groups are applied only at the folder level. CUGs do not need to be applied at the individual asset level. Bringing up our folder properties and selecting permissions, we see a member section for permissions on the AEM Author Instance and a section for closed user groups. To restrict access, we’ll select the group WKND Members that I’ve created for this demonstration and click add. The default permission level for this new user group is viewer.

The last step is to publish our new folder properties to the publish instance. Now that we’ve added this permission at the folder level, only authenticated members will have access to this content, even with a direct link. Note that any user groups that are created will also need to be published.

Returning to our published instance, if we try to access our image asset from before, we’re greeted with a 404 error, telling us that this resource cannot be found. While this is an effective way to restrict content, it’s not the best experience for the customer. Ideally, we’d want to redirect the customer to a login prompt. Returning to AEM Assets and reviewing our folder’s properties, we have an option to enable authentication requirements. Now we can specify a login page to redirect users to who have not been authenticated. Again, any changes made on AEM Author must be published to take effect.

Now, if we try to access the same image directly through the DAM, without being authenticated, we’re redirected to a login page. After authenticating, we’re able to view the content.

An important note when using closed user groups is to make sure that you’re not using an asset that has restrictions on a page that might be hit by an anonymous user. Let’s switch out this background image for one from our restricted folder and publish the update. Moving back to the published page, we’re able to see our new image because we’re still authenticated. If we log out and browse this page as an anonymous user, we can no longer see that image. Instead, we see a blank space where the image should be.

Other best practices for closed user groups continue to apply, whether you’re using them for AEM Sites or AEM Assets. There are some additional settings that should be configured at the dispatcher level to prevent any accidental caching of restricted content. Links can be found below this video for further reading on how closed user groups are implemented and advanced configurations.

Closed User Group (CUG) with AEM Assets

  • Designed to restrict access to assets on an AEM Publish instance.
  • Grants read access to a set of users/groups.
  • CUG can only be configured at a folder level. CUG cannot be set on individual assets.
  • CUG policies are automatically inherited by any sub-folders and applied assets.
  • CUG policies can be overridden by sub-folders by setting a new CUG policy. This should be used sparingly and is not considered a best practice.
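The inheritance and override rules above, together with the transcript's caution about placing restricted assets on pages that anonymous users can reach, can be checked before publishing. The following is an added example, not Adobe's code: it models CUG policies as a plain mapping from path to principal names and assumes the nearest policy at or above a path is the effective one. All paths, group IDs and page references are constructed sample data.

```python
from posixpath import dirname

# Constructed sample data: folder or page path -> principals in its CUG policy.
CUG_POLICIES = {
    "/content/dam/wknd/members": {"wknd-members"},
    "/content/dam/wknd/members/partners": {"wknd-partners"},  # sub-folder override
    "/content/wknd/us/en/members": {"wknd-members"},
}

# Constructed sample data: published page -> DAM assets it references.
PAGE_REFERENCES = {
    "/content/wknd/us/en/magazine": [
        "/content/dam/wknd/members/surf.jpg",
        "/content/dam/wknd/open/hero.jpg",
    ],
    "/content/wknd/us/en/members/offers": [
        "/content/dam/wknd/members/surf.jpg",
        "/content/dam/wknd/open/hero.jpg",
        "/content/dam/wknd/members/partners/deal.jpg",
    ],
}

def effective_cug(path, policies):
    """Principals of the nearest CUG policy at or above path; None if there is none."""
    while path not in ("", "/"):
        if path in policies:
            return policies[path]
        path = dirname(path)
    return None

def audit(references, policies):
    findings = []
    for page, assets in sorted(references.items()):
        page_cug = effective_cug(page, policies)
        for asset in assets:
            asset_cug = effective_cug(asset, policies)
            if page_cug is None and asset_cug is not None:
                # Anonymous visitors get a blank space where the image should be.
                findings.append((page, asset, "restricted-asset-on-open-page"))
            elif page_cug is not None and asset_cug is None:
                # The asset is still readable through its direct DAM link.
                findings.append((page, asset, "open-asset-on-restricted-page"))
            elif page_cug is not None and not page_cug <= asset_cug:
                # Simplification: compares names only, ignores group nesting.
                findings.append((page, asset, "audience-mismatch"))
    return findings

if __name__ == "__main__":
    print(*audit(PAGE_REFERENCES, CUG_POLICIES), sep="\n")
```

On a real instance the two mappings would come from the repository and the reference index rather than from literals.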

Closed User Groups vs. Access Control Lists

Both Closed User Groups (CUG) and Access Control Lists (ACL) are used to control access to content in AEM, and both are based on AEM Security users and groups. However, the application and implementation of these features are very different. The following table summarizes the distinctions between the two features.

| | ACL | CUG |
|---|---|---|
| Intended Use | Configure and apply permissions for content on the current AEM instance. | Configure CUG policies for content on AEM author instance. Apply CUG policies for content on AEM publish instance(s). |
| Permission Levels | Defines granted/denied permissions for users/groups for all levels: Read, Modify, Create, Delete, Read ACL, Edit ACL, Replicate. | Grants read access to a set of users/groups. Denies read access to all other users/groups. |
| Publication | ACLs are not published with content. | CUG policies are published with content. |