SOLVED

Assign privilege to a user group


Level 2

I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.


What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

1 Accepted Solution


Correct answer by
Community Advisor

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

4 Replies


Level 4

@goyalkritika Below is the mapping for permissions if this helps. You can add combinations of the below actions you need on a group (recommended) or on a user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": ["crx:replicate"]


Community Advisor

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 


For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit -...
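The read prerequisite from the replies above, written as repoinit statements. This is an added example, not code from the thread or from Adobe; the group name `impersonators-group` is a hypothetical placeholder. It only covers the READ grant on /home/users, since the accepted answer says impersonation itself is set per user.

```repoinit
# Added example, not from the thread. "impersonators-group" is a hypothetical name.

# Create the group; repoinit skips this if the group already exists.
create group impersonators-group

# READ in the Permissions UI corresponds to the single JCR privilege jcr:read
# (see the mapping posted above). The entry applies to the /home/users subtree,
# so every member of the group can read the user nodes stored there.
# Keep membership of this group small and review it like any other privileged group.
set ACL for impersonators-group
    allow jcr:read on /home/users
end
```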