Adobe Experience Manager Sites & More

Mohammed-Salman · 2/10/25

My client wants a report to be generated on acs-commons report of the all the users who have edit permission to specific dam folder in AEM. Is it possible to create report with acs-commons. I am open to hear any other approach like groovy script.

arunpatidar · 2/11/25

Hi @Mohammed-Salman

You need a script(e.g. groovy) to fetch the permission

https://developer.adobe.com/experience-manager/reference-materials/spec/jsr170/javadocs/jcr-2.0/java...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-get-permission-of-c...

Sample Code :

import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.jackrabbit.api.security.user.User;
import javax.jcr.Session;
import javax.jcr.Node;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.AccessControlList;
import java.security.Principal;

public class CheckWritePermission {

    public void checkWritePermission(ResourceResolver resourceResolver, String nodePath) {
        try {
            // Get the JCR Session from the ResourceResolver
            Session session = resourceResolver.adaptTo(Session.class);
            if (session == null) {
                throw new IllegalStateException("Unable to adapt ResourceResolver to JCR Session.");
            }

            // Get the Node for the given path
            Node node = session.getNode(nodePath);

            // Get the AccessControlManager for the session
            AccessControlManager acm = session.getAccessControlManager();

            // Get the list of privileges for the node
            Privilege[] privileges = acm.getPrivileges(nodePath);
            for (Privilege privilege : privileges) {
                if (privilege.getName().equals(Privilege.JCR_WRITE)) {
                    System.out.println("Node has JCR write privilege.");
                    // Iterate through the Access Control Policies
                    AccessControlPolicyIterator policyIterator = acm.getApplicablePolicies(nodePath);
                    while (policyIterator.hasNext()) {
                        AccessControlList acl = (AccessControlList) policyIterator.nextAccessControlPolicy();
                        for (javax.jcr.security.AccessControlEntry entry : acl.getAccessControlEntries()) {
                            Principal principal = entry.getPrincipal();
                            System.out.println("User/Group with write permission: " + principal.getName());
                        }
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Note : I have not tried this code.

Arun Patidar

View solution in original post

Mohammed-Salman · 2/10/25

Is there any such property to fetch user permission details?

arunpatidar · 2/11/25

Hi @Mohammed-Salman

You need a script(e.g. groovy) to fetch the permission

https://developer.adobe.com/experience-manager/reference-materials/spec/jsr170/javadocs/jcr-2.0/java...

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-get-permission-of-c...

Sample Code :

import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.jackrabbit.api.security.user.User;
import javax.jcr.Session;
import javax.jcr.Node;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.AccessControlList;
import java.security.Principal;

public class CheckWritePermission {

    public void checkWritePermission(ResourceResolver resourceResolver, String nodePath) {
        try {
            // Get the JCR Session from the ResourceResolver
            Session session = resourceResolver.adaptTo(Session.class);
            if (session == null) {
                throw new IllegalStateException("Unable to adapt ResourceResolver to JCR Session.");
            }

            // Get the Node for the given path
            Node node = session.getNode(nodePath);

            // Get the AccessControlManager for the session
            AccessControlManager acm = session.getAccessControlManager();

            // Get the list of privileges for the node
            Privilege[] privileges = acm.getPrivileges(nodePath);
            for (Privilege privilege : privileges) {
                if (privilege.getName().equals(Privilege.JCR_WRITE)) {
                    System.out.println("Node has JCR write privilege.");
                    // Iterate through the Access Control Policies
                    AccessControlPolicyIterator policyIterator = acm.getApplicablePolicies(nodePath);
                    while (policyIterator.hasNext()) {
                        AccessControlList acl = (AccessControlList) policyIterator.nextAccessControlPolicy();
                        for (javax.jcr.security.AccessControlEntry entry : acl.getAccessControlEntries()) {
                            Principal principal = entry.getPrincipal();
                            System.out.println("User/Group with write permission: " + principal.getName());
                        }
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Note : I have not tried this code.

Adobe Experience Manager Sites & More

Generate a report of the users who have edit permission to specific dam folder

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe