Expand my Community achievements bar.

SOLVED

AEM and Admin Console Synchronisation

Avatar

Level 4

If I add an user in the admin console and then provide permission to that user to access the AEM instance, that gets auto synced to AEM. But, if I update permissions for the same user in the AEM instance, will that reflect automatically in the Admin Console?

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

What do you mean when you write "permission"? The Adobe AdminConsole does not now about any permissions, but just knows users and groups and their relations (next to some other things, which are not significant for this question).

The only direction in which there is a sync is from AdminConsole to AEM. That means that any user-to-group relationship visible in the AdminConsole is synced into AEM, but not the other way around.

 

When referring to "permission" in the context of AEM, we normally mean the permission to access nodes/resources in the AEM content repository. This is entirely handled within AEM itself, because the AdminConsole does not understand this concept at all. Typically these permissions are mapped to AEM groups, and these groups can be handled within the AdminConsole as opaque entities.

 

Jörg

View solution in original post

5 Replies

Avatar

Employee

In admin console https://adminconsole.adobe.com, permissions are given specific to the products (AEM, Adobe Analytics etc ) assigned to the user. It could be system administrator, product administrator, profile administrator etc which are different from permissions that we have in AEM. So, depending upon the role of user (system administrator, product administrator, profile administrator), he can access AEM but permissions that are applied in http://<host:port/useradmin in AEM are different.

Avatar

Correct answer by
Employee Advisor

What do you mean when you write "permission"? The Adobe AdminConsole does not now about any permissions, but just knows users and groups and their relations (next to some other things, which are not significant for this question).

The only direction in which there is a sync is from AdminConsole to AEM. That means that any user-to-group relationship visible in the AdminConsole is synced into AEM, but not the other way around.

 

When referring to "permission" in the context of AEM, we normally mean the permission to access nodes/resources in the AEM content repository. This is entirely handled within AEM itself, because the AdminConsole does not understand this concept at all. Typically these permissions are mapped to AEM groups, and these groups can be handled within the AdminConsole as opaque entities.

 

Jörg

Avatar

Level 4
you got me right, i was talking about the AEM permissions, thanks for the answer. it helped.

Avatar

Level 4
just to add to that, if i have a user TestA in admin console, which got synced to AEM. In AEM if i modify the name of that user to TestAB, then how will this get synced to admin console?

Avatar

Employee Advisor
It doesn't matter. Because under the hoods there is a group-id, which is different from the name. And you cannot change that ID of a group without removing and recreating it. That means if you can that name to TestAB, it will still sync, because its groupid is still "TestA" after all.