Adobe Experience Manager Sites & More

akshaybhujbale · 8/23/22

If the user from administrators group if not available in CUG still able to access to folder. Since it is exception to CUG.

So is there any other group which is the exception to CUG.

Also can we create group with exception to CUG

Jörg_Hoh · 8/25/22

No, you cannot detect by an API if a principal is allowed to access a CUG protected resource by this exemption list or by any other means. Because normally it should not matter, and exemption list should only be used for admin usecases.

If you really need to distinguish those 2 cases, you need to implement this feature on your own (as indicated by @arunpatidar ); in any way I would suggest you to create a ticket with Adobe support and raise this requirement there. Pleas include detailled description of your requirement, so product management can evaluate if this is just an edge case or a more common case which might benefit if supported ootb.

View solution in original post

arunpatidar · 8/24/22

Yes, it is possible, you need to configure it at

Arun Patidar

akshaybhujbale · 8/24/22

@arunpatidar Thanks

so is there any property by which we can recognize that this group is exempted from CUG?

Jörg_Hoh · 8/24/22

What is the usecase that your code needs to know if a user is member of one of these configured groups? Normally it should not be necessary to know that, because the CUGs are implemented on a repository level with ACLs.

akshaybhujbale · 8/24/22

@arunpatidar

share the link of above screenshot settings

arunpatidar · 8/24/22

This is osgi configuration, please check from webconsole.

The osgi config name is in the screenshot.

Arun Patidar

akshaybhujbale · 8/24/22

Hi @arunpatidar Thanks

Is there any api available to get this exempted principal names?

arunpatidar · 8/24/22

you can use same above osgi component/service to fetch its configurations.

Arun Patidar

akshaybhujbale · 8/24/22

@arunpatidar yah but I am looking for api for any property through which I can differentiate the normal user and cug exempted user or group.

For my usecase I need this.

Manually fetch using configuration wont work in my usecase.

Please if you can help me on this it will very helpfull for me.

Thanks

arunpatidar · 8/24/22

I am not aware of any of the api, that does that

Probably you can create your own using sling servlet and osgi service.

Arun Patidar

Jörg_Hoh · 8/24/22

It is possible, but does your usecase really differentiate between a user which has access to a location provided by a membership in a random group compared to a user which is member of group listed in the exempted principal list?

akshaybhujbale · 8/24/22

Hi @Jörg_Hoh to implement my usecase I just need exempted principal list but that should be through api not manuall.

Or if there any property which can that the particular user is exempted that will also work.

Jörg_Hoh · 8/25/22

No, you cannot detect by an API if a principal is allowed to access a CUG protected resource by this exemption list or by any other means. Because normally it should not matter, and exemption list should only be used for admin usecases.

If you really need to distinguish those 2 cases, you need to implement this feature on your own (as indicated by @arunpatidar ); in any way I would suggest you to create a ticket with Adobe support and raise this requirement there. Pleas include detailled description of your requirement, so product management can evaluate if this is just an edge case or a more common case which might benefit if supported ootb.

Adobe Experience Manager Sites & More

Administrators group is the exception to CUGs. Which other groups/users are exception to CUG.

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe