We are using AEM as a cloud service and wanted to know the best practices for migrating user permissions to higher AEM environments i.e. QA, Stage, Prod. I am aware about ACS commons ACL packager but we will mostly likely not have permissions to deploy packages on the higher environments. Can you suggest some possible solutions?
Also, can we deploy these permissions as part of code deployment?
Please have a look at Netcentrics ACL Tool . With that approach, you can define your permission setup in YAML syntax and deploy it consistently across your environments along with your code deployments. It is a general recommendation I make to all my customers in all my projects. Also it is Cloud Service compatible.
Quoting from the GitHub readme:
The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complex Access Control Lists in AEM. Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. See Comparison to other approches for a comprehensive overview.
easy-to-read Yaml configuration file format
run mode support
automatic installation with install hook
cleans obsolete ACL entries when configuration is changed
ACLs can be exported
stores history of changes
ensured order of ACLs
built-in expression language to reduce rule duplication