[EDITORIAL]
This article is based on what you've read the first article: [AEM day a User / user group permissions skills (a) ---- Access Control
Or you already know Access Control is doing the
【text】
Then the last article, we are concerned Accsess Control of rep: glob constraints
rep: glob constraint, the constraint is a directory hierarchy
We still use some common scenarios in terms of what
eg when we want to give permission to set content-editor / content / all child nodes of we-retail node has read the
But / content / we-retail node itself, and no read permission
If we are to be achieved through useradmin interface, then we can only achieve by going to one of the check / content / subordinate node of we-retail
Very troublesome
So, we adopted the Access Control rep: glob constraints to achieve
We add a permission rules such as / content / we-retail node
In this way, we can achieve rights for all child nodes other than / content / we-retail node itself gives read
We can verify in advance useradmin
As shown above, entirely OJBK
That positive selection is OK, anti-election but also how to achieve it
How to give only / content / we-retail node read permission without giving it all its child nodes
Can be achieved by two lines Access Control Rules
First given / content / we-retail node and all its child nodes read permissions
And then deny read permissions to all child nodes can be achieved
As shown above, still OJBK
[Written in the last]
rep:glob 约束在实际应用中,是一个非常常用也非常好用的约束
可以多多钻研,让权限管理更加的简便化和合理化