SOLVED

AEM security

I am using AEM 6.0 for production use.

I want to implement some additional security to my AEM instance.

Is there a way to trigger an email to a certain set of people whenever there is a login with the 'admin' credentials?

Also, can I set a different password for triggering Oak reindexing?

Are there any other ways I can ensure no one can misuse the admin credentials?

1 Accepted Solution

Correct answer by
Employee Advisor

The admin account on AEM is like the Windows Administrator or the Unix root account: if you have that, you can do everything. You should provide a secure password and only use it when necessary. In many projects it is typically stored with the operations team because they require it for some operations and also for analyzing issues.

Specifically to your questions: You can write an observation listener to check for changes to /home/users/a/admin and send out emails when the login token changes.

For Oak reindexing: no, that's not possible, because this is secured by ACLs, and for admin no ACLs are checked.

HTH,

Jörg
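
A sketch of the observation listener suggested in the accepted answer, added here as an example and not code from the original post or from Adobe. It assumes the Felix SCR annotations and `loginAdministrative` available on AEM 6.0, a configured Day CQ Mail Service, and that Oak stores login tokens as child nodes of `.tokens` under the user node; the class name and recipient address are hypothetical.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.*;
import org.apache.commons.mail.Email;
import org.apache.commons.mail.SimpleEmail;
import org.apache.felix.scr.annotations.*;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.day.cq.mailer.MessageGateway;
import com.day.cq.mailer.MessageGatewayService;

@Component(immediate = true)
public class AdminLoginAlert implements EventListener { // hypothetical class name
    private static final Logger LOG = LoggerFactory.getLogger(AdminLoginAlert.class);
    // User path from the answer; assumption: Oak keeps login tokens as child nodes of ".tokens".
    private static final String TOKENS = "/home/users/a/admin/.tokens";
    private static final String RECIPIENT = "secops@example.com"; // constructed address
    @Reference private SlingRepository repository;
    @Reference private MessageGatewayService mailService;
    private Session session; // observation needs a session that stays open

    @Activate
    protected void activate() throws RepositoryException {
        session = repository.loginAdministrative(null);
        // Deep NODE_ADDED listener: one event per token node created for admin.
        session.getWorkspace().getObservationManager().addEventListener(
                this, Event.NODE_ADDED, TOKENS, true, null, null, false);
    }
    @Deactivate
    protected void deactivate() throws RepositoryException {
        session.getWorkspace().getObservationManager().removeEventListener(this);
        session.logout();
    }
    @Override
    public void onEvent(EventIterator events) {
        while (events.hasNext()) {
            try {
                Event event = events.nextEvent();
                Email mail = new SimpleEmail();
                mail.addTo(RECIPIENT);
                mail.setSubject("AEM: new login token for admin");
                // Report the time only; the token node itself stays out of the mail.
                mail.setMsg("Admin login token created at " + new java.util.Date(event.getDate()));
                MessageGateway<Email> gateway = mailService.getGateway(Email.class);
                if (gateway != null) gateway.send(mail); else LOG.warn("No mail gateway, alert not sent");
            } catch (Exception e) { // RepositoryException, EmailException or MailingException
                LOG.error("Could not send admin login alert", e);
            }
        }
    }
}
```

The listener only sees logins that create a token node, so admin sessions opened without a login token do not trigger a mail. Test it on a non-production instance first and confirm that an admin login through the web UI produces exactly one alert.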
