Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Assign privilege to a user group

Avatar

Level 5
Level 5
2/21/23 2:20:24 AM

I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.

 

What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

User and Groups

Views

697

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 6:55:38 AM
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

View solution in original post

Views

662

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 6:55:38 AM
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

Views

663

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
2/21/23 12:47:07 PM

@goyalkritika Below is the mapping for permissions if this helps. You can add combinations of below actions you need on a group (recommended) or on an user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": [“crx:replicate"]

Views

643

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/21/23 3:48:53 PM

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 

 

For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit -...

 

 

Views

636

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

44

Likes

0

Replies

1
How to mask the image in AEM?

Views

60

Likes

0

Replies

2
[AEM6.5]Add custom JS functionality to OOB ACS Commons Notification.

Views

137

Likes

0

Replies

4
Not able to add external URL in Content Fragment New Editor

Views

58

Likes

0

Replies

1
AEM Performance issue due to testandtarget/clientlibs/testandtarget/

Views

60

Likes

0

Replies

1