Activate Restricted Assets Access to Dynamic Media with Open APIs based on IMS User Groups
Activate Restricted Assets Access to Dynamic Media with Open APIs based on IMS User Groups
Description description
Enable the feature that restricts access to approved assets based on IMS user groups. According to the documentation, this feature needs to be activated first.
Resolution resolution
-
Prerequisite for this functionality is that the customer has AEMaaCS Assets with Dynamic Media add-on licensed
-
The customer should then submit a Customer Care ticket to get DM with Open APIs setup if not done yet.
Access control with IMS users/groups :
To request an asset from DM with Open APIs delivery
Restrictions on delivery URLs can be controlled through a
metadata property (dam:roles) at asset. IMS ID of user(s)/group(s) can
be added at聽 dam:roles.
When delivery URL is hit for that asset, a user token needs to be
provided in the request. The delivery request will be delivered if
either the user is allowed at dam:roles or it is part of a group which
is allowed at dam:roles.
dam:roles at assets can be added via UI and/or Metadata Profile feature
can be used to auto add dam:roles on all the assets being uploaded
inside a folder.
Metadata profiles are documented here:
/en/docs/experience-manager-cloud-service/content/assets/manage/metadata-profiles
In order to allow Authors to see/edit the metadata property, a metadata schema should be setup and applied to the folders where restricted assets are to be served from.
How to do that is documented here:
/en/docs/experience-manager-cloud-service/content/assets/manage/metadata-schemas