Setting up ACLs
The following section explains how to segregate projects using ACLs so that each individual or team handles their own project.
As an AEM administrator, you want ensure that team members of a project do not interfere with other projects and each of the users are assigned specific roles as per project requirements.
Setting up Permissions
The following steps summarize the procedure for setting up ACLs for a project:
- Login to AEM and navigate to Tools > Security .
- Click Groups and enter an ID (for example, Acme).Alternatively, use this link, http://localhost:4502/libs/granite/security/content/groupadmin.html .Subsequently, click Save .
- Select Contributors from the list and double click it.
- Add the Acme (project you created) to Add Members to Group . Click Save .If you want project team members to register players (which involves creating a user for every player) find the group user-administrators and add the ACME group to user-administrators
- Add all the users who will be working on the Acme Project to the Acme group.
- Setup the permissions for the group Acme using this (http://localhost:4502/useradmin) .Select the group Acme and click the permissions .
The following table summarizes the path with the permissions at the project level:
Provides access to project files (if applicable)
Provides access to store the projects assets such as images or video in DAM
Removes access to all other projects under /content/screens
Provides access to the registration service
Provides access to DCC
Allows to update offline content for the project
In some cases, you can separate author functions (such as managing assets and creating channels) from admin functions (such as registering players). In such a scenario, create two groups and add the authors group to contributors and the admin group to both contributors and user-administrators.
Creating a new project should also create default user groups with a basic set of permissions assigned. You should extend the permissions to the typical roles we have for AEM Screens.
For example, you can create the following project specific groups:
- Screens Project Administrators
- Screens Project Operators (register players, and manage locations and devices)
- Screens Project Users (work with channels, schedules and channel assignments)
The following table summarizes the groups with description and permissions for an AEM Screens project:
|Screens Admins||Admin level access for AEM Screens capabilities|
|Screens Users screens-users||Create and update channels and schedules and assign to location in AEM Screens|
|Screens Operators||Create and update location structure and register players in AEM Screens|
|Screens Players screens-<project>-devices||Groups all players and all players/devices are member of the contributors automatically.|
Member of Contributors