Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

how to automate to check users permission and groups.

milis60034177
Level 2
Level 2

I would like to know if there is any api which i can use to automate users permission and groups? Any pointers will be helpful.

 

thanks

1 Accepted Solution
BrianKasingli
Correct answer by
Community Advisor
Community Advisor

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

View solution in original post

5 Replies
SureshDhulipudi
Community Advisor
Community Advisor
you can use UserManager class and its methods for this.
 
createGroup(Principal principal)
    createUser(String userID, String password)
1) Generally we create user and add the user to group (Group will maintain the permissions)
2) It is not recommended to assign permissions directly to the user
====
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
String uid = request.getParameter("uid");
String pwd = request.getParameter("pwd");
String group = request.getParameter("group");
String properties = request.getParameter("properties");
            
            // Create User
            User user = userManager.createUser(uid, pwd);
            
            // Get existing Group and add user to that group
            Group groupAuth = (Group) (userManager.getAuthorizable(group));
groupAuth.addMember(userManager.getAuthorizable(uid));
            
 
narendragandhi
Level 3
Level 3
 

Hi @milis60034177 

 

If you have ACS AEM Commons available on your instance you can use the Ensure Authorizable functionality to automate your service users/ group creation.

https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html

 

Also you can use Sling Repo Init to achieve the same. Here are the couple of links to guide on this -

https://sling.apache.org/documentation/bundles/repository-initialization.html

https://blogs.perficient.com/2020/06/17/one-tool-to-configure-them-all-sling-repoinit/

 

Thanks
Narendra

BrianKasingli
Correct answer by
Community Advisor
Community Advisor

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

View solution in original post

vanegi
Employee
Employee

You can create a servlet and use User Manager API to automate this:

  Session session = resourceResolver.adaptTo(Session.class); UserManager userManager = resourceResolver.adaptTo(UserManager.class); /* to get the current user */ Authorizable auth = userManager.getAuthorizable(session.getUserID()); /* to get the groups it is member of */ Iterator<Group> groups = auth.memberOf(); 
shaileshb584084
Level 3
Level 3

Ideally the permission should never be applied at the lowest level, as later on if the size of the repository increase then there are lot of challenges in modifying the permission for the groups or users at the lower level nodes.

 

I would suggest to create a group at a higher level until really needed at the lower level.

 

Lets see if you have the hierarchy some thing like "/content/<site-name>/<locale>/<locale-language>/newsroom/news/article1 then the permission should be applied at "/content/<site-name>/<locale>/<locale-language>" or even higher "/content/<site-name>/<locale>". 

 

For grouping the permission and applying the same on the other environments use the "ACL Packager" 

 

 
 

image.png

 

So the best approach is use this to package the permissions rather than apply through code.

 

Thanks