SOLVED

Automate the creation of a system user called abc-automated and assign write access to /content as soon as the code is deployed on an instance.

Level 2

Can anyone help me with this?

Currently working on AEM 6.5; service pack is 6.5.13, Java 1.11.

 

Best Regards,

Jhansi Rani

1 Accepted Solution

Correct answer by
Level 4

Hi @jhansi_123,
Please refer to the sample code below to create a system user (custom-system-user) with read, write and replicate permissions from code.
Step 1) Create the service user in your code.
You will have to create folders under /content/jcr_root to maintain the structure, like /home/users/system/custom-system-user, and update the .content.xml as below:
src/main/content/jcr_root/home/users/system/custom-system-user/.content.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
    jcr:primaryType="rep:SystemUser"
    rep:authorizableId="custom-system-user"
    rep:principalName="custom-system-user"/>

 

Step 2) Provide permissions by creating an _rep_policy.xml file under src/main/content/jcr_root/content/_rep_policy.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:granite="http://www.adobe.com/jcr/granite/1.0" xmlns:crx="http://www.day.com/crx/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
	jcr:primaryType="rep:ACL">
	<allow
		jcr:primaryType="rep:GrantACE"
		rep:principalName="custom-system-user"
		rep:privileges="{Name}[jcr:read,crx:replicate,rep:write]"/>
</jcr:root>

 

Step 3) Then add these paths in src/main/content/META-INF/vault/filter.xml

<filter root="/home/users/system/custom-system-user"/>
<filter root="/content/rep:policy"/>

Note - you may remove the filters after the first build, so this won't be created with each build but just the first time for the instance.

Manual step reference - https://www.aemcq5tutorials.com/tutorials/create-system-user-in-aem/

Cheers!

6 Replies

Level 2

Thank you so much for your support.

1. created system user on explorer, assigned admin rights

2. Download the package.

3. _rep_policy.xml has been created manually under jcr.content

ui.content\src\main\content\jcr_root

4. This is the path where I need to provide write access to the /content folder.

     \ui.content\src\main\content\META-INF\vault\filter.xml

    <filter root="/home/users/system/serviceuser-name"/>
    <filter root="/content/rep:policy"/>

5. After that, the code is deployed on the instance.

Community Advisor

Hi @jhansi_123 

 

Kindly refer to the post below. This way you don't have to create the system user every time you deploy the code to a new instance.

 

1. Create a system user and then make a package of /home/users/system.

2. Download the package

3. Create a structure in your project /home/src/main/content and add the extracted folders under content.

4. Add pom.xml in parallel to src folder and run mvn clean install

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/build-deploy-system-user-p... 

 

Hope this helps.

Employee Advisor

Hi @jhansi_123 ,

 

For system user creation and permission handling, Repoinit is considered the best way.

For details around repoinit, please refer to the links below:

Create System User using Repository Initializer(Re... - Adobe Experience League Community - 420728

Repo Init Scripts in AEM - AEM Blogs

Adobe Experience Manager's Sling RepoInit: Have You Tried It Yet? | Bounteous

 

Hope this helps.

 

Thanks,

Nikita Garg
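
The repoinit approach recommended in the reply above, as an added example that is not part of the original thread: a script for the asker's abc-automated user that grants only read and write on /content. It assumes the script is supplied through the `scripts` property of an `org.apache.sling.jcr.repoinit.RepositoryInitializer` factory configuration deployed with the project; the user name and path are taken from the question.

```repoinit
# Added example, not from the original thread.
# Assumption: this text is the value of the "scripts" property of an
# org.apache.sling.jcr.repoinit.RepositoryInitializer factory configuration
# shipped in the project's OSGi config folder.

# Creates the system user only if it does not exist yet, so the script
# can run again on every deployment without side effects.
create service user abc-automated

# Least privilege for the stated requirement: read and write on /content.
# No crx:replicate and no membership in an administrators group.
set ACL for abc-automated
    allow jcr:read,rep:write on /content
end
```

Because the ACL is declared in the script rather than in a packaged /content/rep:policy node, no filter entry on /content/rep:policy is needed for this user.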