Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list
See the List & Register
SOLVED

Assign privilege to a user group

Avatar

Level 2
Level 2
‎21-02-2023 02:20 PST

I need to assign required privileges to a user group so that the users belonging to that particular group can impersonate other users.

Also, I need to assign privilege and restrictions to a user group so that the users belonging to that particular group can assign users to groups.

 

What privileges and restrictions should I add under Tools -> Security -> Permissions -> {Role}?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

User and Groups

Views

109

Replies

4

Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
‎21-02-2023 06:55 PST
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

Views

74

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
‎21-02-2023 06:55 PST
In response to Saravanan_Dharmaraj

Also AFAIK, the impersonation feature is at the user level, not at group level. 

https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?l... 

Views

75

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
‎21-02-2023 12:47 PST

@goyalkritika Below is the mapping for permissions if this helps. You can add combinations of below actions you need on a group (recommended) or on an user.

"READ": ["jcr:read"]

"MODIFY": ["jcr:modifyProperties","jcr:lockManagement","jcr:versionManagement","jcr:removeChildNodes","jcr:removeNode","jcr:addChildNodes","jcr:nodeTypeManagement"]

"CREATE": ["jcr:addChildNodes","jcr:nodeTypeManagement"]

"DELETE": ["jcr:removeChildNodes","jcr:removeNode"]

"READACL": ["jcr:readAccessControl"]

"EDITACL": ["jcr:modifyAccessControl"]

"REPLICATE": [“crx:replicate"]

Views

55

Replies

0

Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
‎21-02-2023 15:48 PST

In order for impersonating to work for non-admin users, the impersonator (in the above case user-B) is required to have READ permissions in the /home/users path. Documentation: User Administration and Security | Adobe Experience Manager. 

 

For group creation and management, I would use Ensure Authorizable (FKA Ensure Service User), but ACS Commons is recommending that we should use Repository Initialization (repoinit), so Repository Initialization (repoinit) it is... AEM Tutorial #57 | Repository Initialization | Create system user, groups and users using repoinit -...

 

 

Views

48

Replies

0

Sign in to like this content

Total Likes

Translate
Translate