how to automate to check users permission and groups. | Community
Skip to main content
milis60034177
milis60034177
Level 2
December 8, 2020
Solved

how to automate to check users permission and groups.

  • December 8, 2020
  • 5 replies
  • 2233 views

I would like to know if there is any api which i can use to automate users permission and groups? Any pointers will be helpful.

 

thanks

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by BrianKasingli

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

5 replies

SureshDhulipudi
Community Advisor
SureshDhulipudiCommunity Advisor
Community Advisor
December 8, 2020
you can use UserManager class and its methods for this.
 
createGroup(Principal principal)
    createUser(String userID, String password)
1) Generally we create user and add the user to group (Group will maintain the permissions)
2) It is not recommended to assign permissions directly to the user
====
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
String uid = request.getParameter("uid");
String pwd = request.getParameter("pwd");
String group = request.getParameter("group");
String properties = request.getParameter("properties");
            
            // Create User
            User user = userManager.createUser(uid, pwd);
            
            // Get existing Group and add user to that group
            Group groupAuth = (Group) (userManager.getAuthorizable(group));
groupAuth.addMember(userManager.getAuthorizable(uid));
            
 
    narendragandhi
    Community Advisor
    narendragandhiCommunity Advisor
    Community Advisor
    December 8, 2020
     

    Hi @milis60034177 

     

    If you have ACS AEM Commons available on your instance you can use the Ensure Authorizable functionality to automate your service users/ group creation.

    https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html

     

    Also you can use Sling Repo Init to achieve the same. Here are the couple of links to guide on this -

    https://sling.apache.org/documentation/bundles/repository-initialization.html

    https://blogs.perficient.com/2020/06/17/one-tool-to-configure-them-all-sling-repoinit/

     

    Thanks
    Narendra

      BrianKasingli
      Community Advisor and Adobe Champion
      BrianKasingliCommunity Advisor and Adobe ChampionAccepted solution
      Community Advisor and Adobe Champion
      December 8, 2020

      For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

      Both of these tools allow you to deploy "ACL rules as code".

      I hope this helps,

      Brian.

        vanegi
        Adobe Employee
        vanegiAdobe Employee
        Adobe Employee
        December 9, 2020

        You can create a servlet and use User Manager API to automate this:

          Session session = resourceResolver.adaptTo(Session.class); UserManager userManager = resourceResolver.adaptTo(UserManager.class); /* to get the current user */ Authorizable auth = userManager.getAuthorizable(session.getUserID()); /* to get the groups it is member of */ Iterator<Group> groups = auth.memberOf();
          S
          shaileshb584084
          Level 2
          December 9, 2020

          Ideally the permission should never be applied at the lowest level, as later on if the size of the repository increase then there are lot of challenges in modifying the permission for the groups or users at the lower level nodes.

           

          I would suggest to create a group at a higher level until really needed at the lower level.

           

          Lets see if you have the hierarchy some thing like "/content/<site-name>/<locale>/<locale-language>/newsroom/news/article1 then the permission should be applied at "/content/<site-name>/<locale>/<locale-language>" or even higher "/content/<site-name>/<locale>". 

           

          For grouping the permission and applying the same on the other environments use the "ACL Packager" 

           

           
           

           

          So the best approach is use this to package the permissions rather than apply through code.

           

          Thanks

           

           

            Terms & ConditionsAccessibility statement

            Loading footer...