Assign privilege to a user group | Community
Level 4
February 21, 2023
Solved


I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.

 

What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

Best answer by Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?lang=en#impersonating-another-user 

Love_Sharma
Level 4
February 21, 2023

@goyalkritika Below is the mapping for permissions, if this helps. You can add combinations of the actions below that you need on a group (recommended) or on a user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": ["crx:replicate"]

BrianKasingli
Community Advisor and Adobe Champion
February 21, 2023

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 

 

For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit - YouTube
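
The action-to-privilege mapping and the READ-on-/home/users requirement from the replies above, combined into a small audit check. This is an added example, not part of any reply or of AEM itself. The group name and the sample entries are constructed, and the path check is simplified: it models allow entries only and ignores deny entries, restrictions and aggregate privileges such as jcr:all.

```python
# Added example: action -> JCR privilege mapping copied from the reply above.
ACTION_PRIVILEGES = {
    "READ": {"jcr:read"},
    "MODIFY": {"jcr:modifyProperties", "jcr:lockManagement", "jcr:versionManagement",
               "jcr:removeChildNodes", "jcr:removeNode", "jcr:addChildNodes",
               "jcr:nodeTypeManagement"},
    "CREATE": {"jcr:addChildNodes", "jcr:nodeTypeManagement"},
    "DELETE": {"jcr:removeChildNodes", "jcr:removeNode"},
    "READACL": {"jcr:readAccessControl"},
    "EDITACL": {"jcr:modifyAccessControl"},
    "REPLICATE": {"crx:replicate"},
}


def expand(actions):
    """Union of JCR privileges behind a combination of actions."""
    privileges = set()
    for action in actions:
        privileges |= ACTION_PRIVILEGES[action]
    return privileges


def effective_actions(privileges):
    """Actions whose privileges are all present, including ones never ticked explicitly."""
    return {a for a, needed in ACTION_PRIVILEGES.items() if needed <= set(privileges)}


def covers(entry_path, target):
    """True if an entry on entry_path applies to target (same node or an ancestor)."""
    entry_path = entry_path.rstrip("/")
    return target == entry_path or target.startswith(entry_path + "/")


def has_action(allow_entries, target, action):
    """Simplified check: allow entries only; deny entries, restrictions and
    aggregate privileges such as jcr:all are not modelled."""
    granted = set()
    for path, actions in allow_entries:
        if covers(path, target):
            granted |= expand(actions)
    return ACTION_PRIVILEGES[action] <= granted


# Constructed sample: allow entries for a hypothetical group "impersonation-operators".
GROUP_ENTRIES = [("/content/site", ["READ", "MODIFY"]), ("/home/users", ["READ"])]

if __name__ == "__main__":
    print(sorted(effective_actions(expand(["MODIFY"]))))  # MODIFY also satisfies CREATE and DELETE
    print(has_action(GROUP_ENTRIES, "/home/users", "READ"))
```

Running the first check shows that granting MODIFY on a path also satisfies CREATE and DELETE there, which is worth knowing before adding it to a group that should only edit properties.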