Adobe Experience Manager Sites & More

milis60034177 · 12/8/20

I would like to know if there is any api which i can use to automate users permission and groups? Any pointers will be helpful.

thanks

BrianKasingli · 12/8/20

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Access Control Tool for Adobe Experience Manager - Netcentric - https://github.com/Netcentric/accesscontroltool
AEM Permission Management - Cognifide - https://github.com/Cognifide/APM

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

View solution in original post

SureshDhulipudi · 12/8/20

you can use UserManager class and its methods for this.

https://jackrabbit.apache.org/api/2.12/org/apache/jackrabbit/api/security/user/UserManager.html

createGroup(Principal principal)

createUser(String userID, String password)

1) Generally we create user and add the user to group (Group will maintain the permissions)

2) It is not recommended to assign permissions directly to the user

====

UserManager userManager = resourceResolver.adaptTo(UserManager.class);

String uid = request.getParameter("uid");

String pwd = request.getParameter("pwd");

String group = request.getParameter("group");

String properties = request.getParameter("properties");

// Create User

User user = userManager.createUser(uid, pwd);

// Get existing Group and add user to that group

Group groupAuth = (Group) (userManager.getAuthorizable(group));

groupAuth.addMember(userManager.getAuthorizable(uid));

narendragandhi · 12/8/20

Hi @milis60034177

If you have ACS AEM Commons available on your instance you can use the Ensure Authorizable functionality to automate your service users/ group creation.

https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html

Also you can use Sling Repo Init to achieve the same. Here are the couple of links to guide on this -

https://sling.apache.org/documentation/bundles/repository-initialization.html

https://blogs.perficient.com/2020/06/17/one-tool-to-configure-them-all-sling-repoinit/

Thanks
Narendra

BrianKasingli · 12/8/20

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Access Control Tool for Adobe Experience Manager - Netcentric - https://github.com/Netcentric/accesscontroltool
AEM Permission Management - Cognifide - https://github.com/Cognifide/APM

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

vanegi · 12/9/20

You can create a servlet and use User Manager API to automate this:

  Session session = resourceResolver.adaptTo(Session.class); UserManager userManager = resourceResolver.adaptTo(UserManager.class); /* to get the current user */ Authorizable auth = userManager.getAuthorizable(session.getUserID()); /* to get the groups it is member of */ Iterator<Group> groups = auth.memberOf();

shaileshb584084 · 12/9/20

Ideally the permission should never be applied at the lowest level, as later on if the size of the repository increase then there are lot of challenges in modifying the permission for the groups or users at the lower level nodes.

I would suggest to create a group at a higher level until really needed at the lower level.

Lets see if you have the hierarchy some thing like "/content/<site-name>/<locale>/<locale-language>/newsroom/news/article1 then the permission should be applied at "/content/<site-name>/<locale>/<locale-language>" or even higher "/content/<site-name>/<locale>".

For grouping the permission and applying the same on the other environments use the "ACL Packager"

So the best approach is use this to package the permissions rather than apply through code.

Thanks

Adobe Experience Manager Sites & More

how to automate to check users permission and groups.

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe