Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

AEM 6.5 Tracking configuration changes

Avatar

Level 3

Hi Everyone,

 

I'm struggling to find the best way to manage and track any configuration changes done using config manager http://localhost:4502/system/console/configMgr. It's hard to track the changes done by someone with a team having a large number of team members with Admin rights on the AEM instance. I can see the configuration files available at path <Install Path>\crx-quickstart\launchpad\config\ but wondering if there is a way to check who made the changes.

 

Wondering if anyone can suggest the best practice to track the changes in configurations.

 

Thanks.

Mukesh 

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi @MukeshAEM ,

 

You can check access.log and error.log

 

However In this case, the best practice would be:-

1.) To limit the "admin" permission to the user who actually needs it, too many people should not have these permissions, especially in the upper environments.

2.) Create a group whose members are to be granted access to Web Console instead of allowing access to individual users, you can add these groups to "Apache Sling Web Console Security Provider" in the configuration.

3.) Make sure the OSGi configurations are only deployed with code that is committed in the source control (this is more future-proof if you are planning to move to the cloud in the future) and also provide proper tracking of the changes.

 

Hope this helps.

 

Regards,

Nitesh

View solution in original post

1 Reply

Avatar

Correct answer by
Employee

Hi @MukeshAEM ,

 

You can check access.log and error.log

 

However In this case, the best practice would be:-

1.) To limit the "admin" permission to the user who actually needs it, too many people should not have these permissions, especially in the upper environments.

2.) Create a group whose members are to be granted access to Web Console instead of allowing access to individual users, you can add these groups to "Apache Sling Web Console Security Provider" in the configuration.

3.) Make sure the OSGi configurations are only deployed with code that is committed in the source control (this is more future-proof if you are planning to move to the cloud in the future) and also provide proper tracking of the changes.

 

Hope this helps.

 

Regards,

Nitesh