Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Automate the creation of a system user called abc-automated and assign write access to /content as soon as the code is deployed on an instance.

Avatar

Level 2

Can any one help me on this?

Currently working on aem 6.5,service pack is 6.5.13, java 1.11.

 

Best Regards,

Jhansi Rani

1 Accepted Solution

Avatar

Correct answer by
Level 4

Hi @jhansi_123 , 
Please refer below sample code to create a system user (custom-system-user) with (read, write and replicate) permissions from code.  
Step1) create the service user in your code. 
you will have to create folders under /content/jcr_root to maintain the structure /home/users/system/custom-system-user like and update the .content.xml as below
src/main/content/jcr_root/home/users/system/custom-system-user/.content.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
    jcr:primaryType="rep:SystemUser"
    rep:authorizableId="custom-system-user"
    rep:principalName="custom-system-user"/>

 

Step2) provide permissions by creating an _rep_policy.xml file as under src/main/content/jcr_root/content/_rep_policy.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:granite="http://www.adobe.com/jcr/granite/1.0" xmlns:crx="http://www.day.com/crx/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
	jcr:primaryType="rep:ACL">
	<allow
		jcr:primaryType="rep:GrantACE"
		rep:principalName="custom-system-user"
		rep:privileges="{Name}[jcr:read,crx:replicate,rep:write]"/>
</jcr:root>

 

Step3) then add these paths in src/main/content/META-INF/vault/filter.xml

<filter root="/home/users/system/custom-system-user"/>
<filter root="/content/rep:policy"/>

Note - you may remove the filters after the first build so this wont be created with each build but just the first time for the instance. 

manual step reference - https://www.aemcq5tutorials.com/tutorials/create-system-user-in-aem/

Cheers!

View solution in original post

6 Replies

Avatar

Correct answer by
Level 4

Hi @jhansi_123 , 
Please refer below sample code to create a system user (custom-system-user) with (read, write and replicate) permissions from code.  
Step1) create the service user in your code. 
you will have to create folders under /content/jcr_root to maintain the structure /home/users/system/custom-system-user like and update the .content.xml as below
src/main/content/jcr_root/home/users/system/custom-system-user/.content.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
    jcr:primaryType="rep:SystemUser"
    rep:authorizableId="custom-system-user"
    rep:principalName="custom-system-user"/>

 

Step2) provide permissions by creating an _rep_policy.xml file as under src/main/content/jcr_root/content/_rep_policy.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:granite="http://www.adobe.com/jcr/granite/1.0" xmlns:crx="http://www.day.com/crx/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
	jcr:primaryType="rep:ACL">
	<allow
		jcr:primaryType="rep:GrantACE"
		rep:principalName="custom-system-user"
		rep:privileges="{Name}[jcr:read,crx:replicate,rep:write]"/>
</jcr:root>

 

Step3) then add these paths in src/main/content/META-INF/vault/filter.xml

<filter root="/home/users/system/custom-system-user"/>
<filter root="/content/rep:policy"/>

Note - you may remove the filters after the first build so this wont be created with each build but just the first time for the instance. 

manual step reference - https://www.aemcq5tutorials.com/tutorials/create-system-user-in-aem/

Cheers!

Avatar

Level 2

Thankyou so much for your support

1. created system user on explorer, assigned admin rights

2. Download the package.

3. _rep_policy.xml has been created manually under jcr.content

ui.content\src\main\content\jcr_root

jhansi_123_0-1671197664077.png

4. This is the path where i need to provide write access to /content folder.

     \ui.content\src\main\content\META-INF\vault\filter.xml

    <filter root="/home/users/system/serviceuser-name"/>
    <filter root="/content/rep:policy"/>

5. after that  code is deployed on instance.

 

 

Avatar

Level 9

Hi @jhansi_123 

 

Kindly refer to the below post. By this way you don't have to create the system user every time you deploy the code to a new instance.

 

1. Create a system user and then make a package of /home/users/system.

2. Download the package

3. Create a structure in your project /home/src/main/content and add the extracted folders under content.

4. Add pom.xml in parallel to src folder and run mvn clean install

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/build-deploy-system-user-p... 

 

Hope this helps.