Adobe Experience Manager Sites & More

Mario248 · 2/16/23

Recently I created a program in AEMaaCS. I understand that when we create an environment in cloud manager, Adobe Console creates two profiles, AEM Administrator xx123xx123 & AEM Users xx123xx123, and in publish instance it only creates one profile, AEM Users xx123xx123. As of now, I have no doubts.

Now when I add a profile to any user, for example personX and add him AEM Administrator xx123xx123 & AEM Users profiles in author and AEM Users xx123xx123 profile for publish server. When this user personX logged into the system I could see that the profiles are mapped as AEM groups. As of now, everything is clear. I did not see any ACLs created for AEMAdministrator xx123xx123 & AEM Users when I checked the permissions for these groups in AEM. Is this OOTB behavior? How does this group act as admin without permission? below is the screenshot for AEMAdministrator

Do we need to set any permission to make this as an admin group ?

Himanshu_Jain · 2/16/23

Hi @Mario248 ,

Check access of crxde (dev only) from both the users (admin and general user) created by cloud manager console.

For Project specific permission ( to access content) you need to create groups within AEM environment and add ACLs accordingly.

Thanks

Himanshu

Himanshu Jain

Mario248 · 2/16/23

I can access CRXDE but I dont have any write access. I get below error

Could not save changes. Received 409 (Conflict) for saving changes in workspace crx.default. org.apache.jackrabbit.oak.spi.state.ReadyOnlyBuilderException: This builder is read-only.

Are we saying cloud manager just creates groups in AEM without any permission ?

Himanshu_Jain · 2/16/23

Hi @Mario248 ,

You cannot make any change in crxde , this is just to check the difference between admin group and general user group generated from cloud manager.

Also you can test via accessing the package manager.

Thanks

Himanshu

Himanshu Jain

Mario248 · 2/16/23

yes, It is expected that I cannot edit because of permission. What I am trying to understand is, cloud manager creates AEM Administrator xx123xx123 group in AEM without any permission. It is supposed to be created with full admin access as the name tells. Is this a bug ?

Are we saying cloud manager just creates groups in AEM without any permission ?

Jagadeesh_Prakash · 2/16/23

Groups will be created and the necessary permissions will be added. But just that users will not be able to see the adminstrators groups permissions

Mario248 · 2/17/23

I logged with admin account and verified that IMS groups (in this case AEM Administrator xx123xx123 & AEM Users xx123xx123 ). As an admin I should be able to all permission for IMS group permission.