Expand my Community achievements bar.

SOLVED

Assign privilege to a user group

Avatar

Level 4
Level 4
2/21/23 2:20:24 AM

I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.

 

What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

User and Groups

Views

348

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 6:55:38 AM
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

View solution in original post

Views

313

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 6:55:38 AM
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

Views

314

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
2/21/23 12:47:07 PM

@goyalkritika Below is the mapping for permissions if this helps. You can add combinations of below actions you need on a group (recommended) or on an user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": [“crx:replicate"]

Views

294

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/21/23 3:48:53 PM

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 

 

For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit -...

 

 

Views

287

Replies

0
Sign in to like this content

Total Likes

Translate
Translate