Level 3

Solved

System User AEM Cloud

Forum|Forum|4 years ago
June 16, 2021
6 replies
6860 views

Hi,

I am trying to create a system user on AEM Cloud, but the url where the system users are created is not available on Cloud. How can I create or at least export/import a system user on Cloud? Thanks!

Best answer by Asutosh_Jena_

Hi @ad-engineer

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
        "
        create service user systemuser
        set ACL for systemuser
        allow jcr:read on /etc restriction(rep:glob,/productfeed)
        allow jcr:write on /etc restriction(rep:glob,/productfeed)
        end
        "
]

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user/qaq-p/408773/comment-id/89812#M89812

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

Thanks!

Ritesh_Mittal

Community Advisor and Adobe Champion

Hi @ad-engineer ,

You can create the system user on your local AEM instance and it must be stored on location /home/users/system/<sys user> and provide proper permission.

Then follow below steps-

1. Create package of system user.
2. Download and unzip there you should see the system user folder ( .content.xml inside ) for system user, which you can commit as part of codebase

Sample .content.xml will look like below-

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:SystemUser"
jcr:uuid="5d9c68c6-c50e-33d0-aa2f-cf54f63993b6"
rep:authorizableId="testSystemUser"
rep:principalName="testSystemUser"/>

A

AD-EngineerAuthor

Level 3

Hi @ritesh_mittal

Thank you for you reply. I got the package, but where should i put it on the code? In which folder should be added? Thank you again!

Prince_Shivhare

Community Advisor

It is not a best practice to deploy the system user with code or package.

I had the same problem earlier and we discussed the same thing with Adobe techincal team and they suggested about the REPOINT.

I rasied this question on forum and got the answer. you can refer this url -
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user/qaq-p/408773/comment-id/89812#M89812

kchaurasiya

Level 5

Hi @ad-engineer , Keeping the system user in the code is not a good practice.As @prince_shivhare said.

We are also using the system user in our project and that we have kept in the package.So whenever system user is required to run some workflow or service on the environment such as dav/qa/uat . We just Deploy the user package on the environment.

You can create the package as @ritesh_mittal already explained and once package is created download it at your local and upload and install the same package wherever you required and provide the read and write permission of that user for specific folder or as per your requirement.

Thank You.

Ritesh_Mittal

Community Advisor and Adobe Champion

Hi @kchaurasiya @prince_shivhare ,

Can you point out where it is mentioned that keeping system user in GIT repo is not a best practice?

Also, notably, moving forward (with AEM as Cloud Service), Adobe is even recommending (forcing, wink) to have configuration as part of GIT repository.

@ad-engineer To answer your question, you can put the system user folder under below path-

/ui.content/src/main/content/jcr_root/home/users/system/

Also, you need to add the entry in filter.xml, the path should be "/ui.content/src/main/content/META-INF/vault/filter.xml"