Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Assign privilege to a user group

Avatar

Level 5

I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.

 

What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor
4 Replies

Avatar

Correct answer by
Community Advisor

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

Avatar

Level 5

@goyalkritika Below is the mapping for permissions if this helps. You can add combinations of below actions you need on a group (recommended) or on an user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": [“crx:replicate"]

Avatar

Community Advisor

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 

 

For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit -...