Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Disable admin account in CQ5.5

Avatar

Avatar
Validate 1
Level 2
rama_krishna11
Level 2

Likes

4 likes

Total Posts

18 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Validate 1
Level 2
rama_krishna11
Level 2

Likes

4 likes

Total Posts

18 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
rama_krishna11
Level 2

19-10-2015

Is it possible to disable admin account in CQ 5.5? Please if any one having any idea about this.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
Employee
Opkar_Gill
Employee

Likes

138 likes

Total Posts

952 posts

Correct Reply

280 solutions
Top badges earned
Validate 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Validate 1
Employee
Opkar_Gill
Employee

Likes

138 likes

Total Posts

952 posts

Correct Reply

280 solutions
Top badges earned
Validate 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
Opkar_Gill
Employee

23-10-2015

Why not simply limit access to the admin account, change the password and entrust it to a select few who will not use it to carry out admin tasks?

Then provide administrator privileges and felix console access to users that need to carry out admin duties. This is a simpler way to control access without disabling the default system administrator account.

Regards,

Opkar

Answers (4)

Answers (4)

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,408 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,408 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

23-10-2015

Opkar's suggestion is best practice with AEM. 

Avatar

Avatar
Validate 1
Level 2
rama_krishna11
Level 2

Likes

4 likes

Total Posts

18 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Validate 1
Level 2
rama_krishna11
Level 2

Likes

4 likes

Total Posts

18 posts

Correct Reply

1 solution
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
rama_krishna11
Level 2

23-10-2015

Coming to auditing point, we are getting admin related information. So that planning to disable admin and access with other guy who hav admin rights. 

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,164 likes

Total Posts

6,273 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,164 likes

Total Posts

6,273 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

23-10-2015

Hi 

Please share the use case of disabling the admin account.

If you would like to deny access to site admin actions for particular group, then please have a look at the following :-

Problem

 

How is it possible to disable Site Admin actions for particular groups, e.g. Activate?

 

Resolution

 

Following the concept 'Everything is content', Site Admin actions as such are also pure nodes in the repository which are thus subject of access control.

In order to disable and completely hide a certain action in the Site Admin console for a particular group, a corresponding group ACL has to be defined that denies read access to this action.

Following example will deal with the Activate action.

In order to set the actual ACL on above action node, the CRX Content Explorer has to be used. Following are the steps how to disable the Activate action for a group:

  • logged in as admin, open the crx.default workspace with the CRX Content Explorer and navigate to /libs/wcm/core/content/siteadmin/actions/activate
  • next click on the Security button and select Access Control Editor
  • in the Applicable Access Control Policies section, mark the checkbox next toorg.apache.jackrabbit.core.security.authorization.acl.ACLTemplate
  • click on Set selected policies
  • next click on New ACE
  • browse the Principal for the group for which a privilege is to be set
  • DENY jcr:read and confirm
  • click Apply and close the window

At this point, members of the above specified group won't have access to the Activate action anymore.

Based on the above given instructions, basically all other actions available in the Site Admin can be equally controlled via permissions. Following is a list of paths under which actions reside for different consoles:

                       
ConsolePath
Site Admin/libs/wcm/core/content/siteadmin/actions
DAM Admin/libs/wcm/core/content/damadmin/actions
Tools/libs/wcm/core/content/misc/actions
Security Admin/libs/cq/security/content/admin/authlist/actions

Link:- https://helpx.adobe.com/experience-manager/kb/how-to-deny-access-to-site-admin-actions.html

I hope this would help you.

 

Thanks and Regards

Kautuk Sahni

Avatar

Avatar
Validate 1
Employee
Opkar_Gill
Employee

Likes

138 likes

Total Posts

952 posts

Correct Reply

280 solutions
Top badges earned
Validate 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Validate 1
Employee
Opkar_Gill
Employee

Likes

138 likes

Total Posts

952 posts

Correct Reply

280 solutions
Top badges earned
Validate 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
Opkar_Gill
Employee

19-10-2015

Hi,

why do you want to disable the admin account?

Have you set up users with administration privileges and access to the felix console already?

Regards,

Opkar