Discover APM - the easy way to manage permissions on AEM

10 October 2016
Mateusz Chrominski
Frink_Cognifide_2016_HeaderImages_0117
open source light bulbs

Why open source?

At Cognifide we believe in freeing our clients to author their own digital experiences.  It should come as no surprise then that we are also firm believers in Open Source. Coupled with that, we just love to innovate and simplify our development life and your authoring life. From the ground up, we create the tools that boost our performance and make everyday work a pleasure, and we want you to be able to use these tools in the long-term. Our Open Source tools come with the Cognifide guarantee, not to mention our unrivalled experience in the Adobe stack. Now you can customise them and take advantage of even greater flexibility and freedom. The latest addition to the Cognifide Open Source toolset is APM or AEM Permission Management.

Permission management at scale

Working at enterprise level brings a whole new spectrum of challenges and issues to solve - many of them around scale. AEM is the perfect platform for large companies with tens or hundreds of content editors working simultaneously with a number of different brands. The higher the number of editors and pages, the higher the complexity. User management starts to be really complicated when custom content visibility requirements are raised. 

Let's imagine a brand that wants to retain independent control over its content but that exists amongst other brands on the same AEM platform. This scenario might require multiple users in a configuration defined by a superuser (superauthor) that can not be altered by a regular author. It might also mean that content can only be pushed to publish after the specific approval of a narrow group with that authority.  These are the every day pain points and challenges for many large organisation when it comes to permission management.


The technical challenges

Challenges then appear on the technical side as well. With the introduction of System User, the developer must consider the permission implications while implementing a feature.  Fine-grained ACL configuration is certainly required for this security purpose, yet the effort overhead will not be insignificant. Maintaining large permission schemes can be very time consuming.

From the very first multi-branded AEM platforms we implemented we noticed the need for better permission management. The AEM out of the box configuration panel is fine for any ad-hoc operation. However, for maintaining large permission schemes, it is not a terribly effective tool. We experimented a lot with automated user/permissions package creation. We tried some XML structures that drive the ACL operations. What we realized is that these kind of files are not write-only code pieces. The platforms we're creating live for years and as users come and go the permission scheme changes. The easiness of reading them is crucial.


Manage your permissions with APM

That's why we created APM, the simplest and most user-friendly AEM Permission Management tool. It focuses on 4 core aspects:

  • the ability to manage users, groups and permissions
  • human readable syntax, Domain Specific Language
  • capability to update schemes in batch
  • a rich GUI but also full headless support

This is a tool that embodies years of Cognifide expertise.  In fact, we've been perfecting it for so long, it's been rebranded twice already!  Initially named PML - Permission Manipulation Language, the tool then became CQSM - CQ Security Management.  Now we're sharing it with the community as APM.

We've proved its value on dozens of live projects already. And the tool has grown up with the platform.  It's been successfully used since the days of CQ 5.5 and has got better and better, with its latest release on AEM 6.2. Keeping the front-line consistent via custom language syntax has helped us upgrade platforms and switch projects. But what's most impressive is that no training has ever been required! Developers, analysts and platform owners have all quickly jumped into script maintenance. The flexible and very natural syntax has made that possible.

Now it's time for you to fall in love with APM - the future of AEM permission management.  Discover more!