We need to configure access to the CQ5 GUI. For example only certain groups shall see the Tools (miscadmin) link/button.
Of course, this is done by setting the access rights accordingly.
But exactly which rights on which ressources need to be set to achieve a paticular result without side effects? How do we hide the CRXDE links etc. on the welcome page?
It seems to be a tedious try-and-error-game.
Is there any documentation for this kind of configuration other than the generic "User Administration and Security", which dosen't help to identify the respective ressources?
Any hints are very uch appreciated.
Customizing access rights for welcome page could be difficult, If you have very granular requirnment. You can find most of stuff for welcome page under /libs/cq/core/content/welcome. Note that this might only hide link from welcome page, But users can still access sections using direct URL unless access to repository path is denied.
Some relevent resource and discussions (May be old but can help)
Yogesh's 2nd link is the right one if you want to restrict access to the consoles, just set ACEs on the cq:console nodes. The buttons on the right hand side are nodes below /libs/cq/core/content/welcome and if you place ACEs there, you can change them as well.
And the welcome page component is also provided, so you can overlay it if needed.