HomeTroubleshooting Hub › Login & permissions issues

Login & permissions issues

Purpose: Diagnose authentication failures and the "user can't see / can't do X" family.

Who this page is for

AudienceWhy it matters to you
All engineersFrequent support tickets
Platform engineersSSO plumbing

Split the problem immediately

StatementLane
"Can't log in at all"Authentication lane
"Logged in but can't see/edit/publish X"Authorisation lane
"Anonymous users get 404 on published page"Publish-ACL lane

Authentication lane

Authorisation lane

  1. Reproduce as the user (impersonation) — "it works for me (as admin)" diagnoses nothing.
  2. Effective permissions on the node: CRXDE Access Control tab / permissions UI — remember evaluation is nearest-rule-wins up the tree with deny beating allow at equal depth (users & groups).
  3. Group membership: is the user actually IN the group everyone assumes? (SSO group mapping drops are silent — compare IdP assertion groups vs AEM memberships.)
  4. The action, precisely: "can't publish" = replicate permission or the approval workflow doing its job (governance — check before "fixing").

Publish-ACL lane

Page 404s for anonymous but exists: anonymous read ACL missing on publish — was the ACL-bearing ancestor replicated? New tree roots need their permissions activated too; diff effective anonymous read on author-publish for the path.

Log the resolution

Permissions fixes without a note become permissions archaeology; record what was granted, to whom, why, expiry (audit rhythm).

Quick navigation