How to automate checking users' permissions and groups

milis60034177

08-12-2020

I would like to know if there is any API which I can use to automate users' permissions and groups. Any pointers will be helpful.

 

Thanks

Accepted Solutions (1)

BrianKasingli
MVP

08-12-2020

For ACL rules configuration automation, you can utilise these two great tools; these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

Answers (4)

shaileshb584084

09-12-2020

Ideally, permissions should never be applied at the lowest level, because later on, if the size of the repository increases, there are a lot of challenges in modifying the permissions for the groups or users at the lower-level nodes.

I would suggest creating a group at a higher level until really needed at the lower level.

Let's see: if you have a hierarchy something like "/content/<site-name>/<locale>/<locale-language>/newsroom/news/article1", then the permission should be applied at "/content/<site-name>/<locale>/<locale-language>" or even higher, at "/content/<site-name>/<locale>".

For grouping the permissions and applying the same on the other environments, use the "ACL Packager".

 

 
 


 

So the best approach is to use this to package the permissions rather than apply them through code.

 

Thanks

 

 

vanegi
Employee

09-12-2020

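You can create a servlet and use the User Manager API to automate this:

  import java.util.Iterator;
  import javax.jcr.Session;
  import org.apache.jackrabbit.api.security.user.Authorizable;
  import org.apache.jackrabbit.api.security.user.Group;
  import org.apache.jackrabbit.api.security.user.UserManager;

  Session session = resourceResolver.adaptTo(Session.class);
  UserManager userManager = resourceResolver.adaptTo(UserManager.class);
  /* to get the current user */
  Authorizable auth = userManager.getAuthorizable(session.getUserID());
  /* to get the groups it is member of */
  Iterator<Group> groups = auth.memberOf();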
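Added example, not part of the post above or of any project's own code: a helper that extends the group lookup to also report the privileges the repository returns for the user's principal and its groups on chosen paths. It assumes an Oak/Jackrabbit session (as in AEM) that is allowed to read access control content; the class name `AuthorizableAudit` and method name `privilegesFor` are hypothetical.

```java
import java.security.Principal;
import java.util.*;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Added example (hypothetical names): audits one user's groups and privileges. */
public final class AuthorizableAudit {

    /** Returns path -> sorted privilege names for the user's principal plus its groups. */
    public static Map<String, SortedSet<String>> privilegesFor(
            Session session, String userId, List<String> paths) throws RepositoryException {
        // Assumption: the JCR session is a JackrabbitSession, as it is on Oak/AEM.
        UserManager um = ((JackrabbitSession) session).getUserManager();
        Authorizable user = um.getAuthorizable(userId);
        if (user == null) {
            throw new IllegalArgumentException("No such authorizable: " + userId);
        }
        // Principal set: the user itself plus every group returned by memberOf(),
        // which includes groups inherited through nested membership.
        Set<Principal> principals = new HashSet<>();
        principals.add(user.getPrincipal());
        for (Iterator<Group> it = user.memberOf(); it.hasNext();) {
            principals.add(it.next().getPrincipal());
        }
        // Assumption: the access control manager supports principal-based lookups.
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        Map<String, SortedSet<String>> report = new LinkedHashMap<>();
        for (String path : paths) {
            SortedSet<String> names = new TreeSet<>();
            // getPrivileges() throws PathNotFoundException for missing nodes,
            // so a missing path is reported as an empty set instead.
            if (session.nodeExists(path)) {
                for (Privilege p : acm.getPrivileges(path, principals)) {
                    names.add(p.getName());
                }
            }
            report.put(path, names);
        }
        return report;
    }
}
```

Running it for each user against the site roots (for example the "/content/<site-name>/<locale>" level mentioned earlier in the thread) gives a per-path report that can be compared against the intended group design.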

narendragandhi

08-12-2020

 

Hi @milis60034177 

 

If you have ACS AEM Commons available on your instance, you can use the Ensure Authorizable functionality to automate your service user/group creation.

https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html

 

Also, you can use Sling Repo Init to achieve the same. Here are a couple of links to guide you on this:

https://sling.apache.org/documentation/bundles/repository-initialization.html

https://blogs.perficient.com/2020/06/17/one-tool-to-configure-them-all-sling-repoinit/

 

Thanks
Narendra

SureshDhulipudi
MVP

08-12-2020

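You can use the UserManager class and its methods for this.

createGroup(Principal principal)
createUser(String userID, String password)
1) Generally we create the user and add the user to a group (the group will maintain the permissions)
2) It is not recommended to assign permissions directly to the user
====
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;

UserManager userManager = resourceResolver.adaptTo(UserManager.class);
String uid = request.getParameter("uid");
String pwd = request.getParameter("pwd");
String group = request.getParameter("group");
String properties = request.getParameter("properties");

// Create User
User user = userManager.createUser(uid, pwd);

// Get existing Group and add user to that group
// (getAuthorizable returns null for an unknown ID and may return a user, so check first)
Authorizable groupAuth = userManager.getAuthorizable(group);
if (groupAuth != null && groupAuth.isGroup()) {
    ((Group) groupAuth).addMember(user);
}

// Persist the changes (needed when the UserManager is not in auto-save mode)
resourceResolver.commit();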