Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

how to automate to check users permission and groups.

Avatar

Level 2

I would like to know if there is any api which i can use to automate users permission and groups? Any pointers will be helpful.

 

thanks

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

View solution in original post

5 Replies

Avatar

Community Advisor
you can use UserManager class and its methods for this.
 
createGroup(Principal principal)
    createUser(String userID, String password)
1) Generally we create user and add the user to group (Group will maintain the permissions)
2) It is not recommended to assign permissions directly to the user
====
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
String uid = request.getParameter("uid");
String pwd = request.getParameter("pwd");
String group = request.getParameter("group");
String properties = request.getParameter("properties");
            
            // Create User
            User user = userManager.createUser(uid, pwd);
            
            // Get existing Group and add user to that group
            Group groupAuth = (Group) (userManager.getAuthorizable(group));
groupAuth.addMember(userManager.getAuthorizable(uid));
            
 

Avatar

Level 3
 

Hi @milis60034177 

 

If you have ACS AEM Commons available on your instance you can use the Ensure Authorizable functionality to automate your service users/ group creation.

https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html

 

Also you can use Sling Repo Init to achieve the same. Here are the couple of links to guide on this -

https://sling.apache.org/documentation/bundles/repository-initialization.html

https://blogs.perficient.com/2020/06/17/one-tool-to-configure-them-all-sling-repoinit/

 

Thanks
Narendra

Avatar

Correct answer by
Community Advisor

For ACL rules configuration automation, you can utilise these two great tools, these tools are ready to be utilised in production:

Both of these tools allow you to deploy "ACL rules as code".

I hope this helps,

Brian.

Avatar

Employee

You can create a servlet and use User Manager API to automate this:

  Session session = resourceResolver.adaptTo(Session.class); UserManager userManager = resourceResolver.adaptTo(UserManager.class); /* to get the current user */ Authorizable auth = userManager.getAuthorizable(session.getUserID()); /* to get the groups it is member of */ Iterator<Group> groups = auth.memberOf(); 

Avatar

Level 3

Ideally the permission should never be applied at the lowest level, as later on if the size of the repository increase then there are lot of challenges in modifying the permission for the groups or users at the lower level nodes.

 

I would suggest to create a group at a higher level until really needed at the lower level.

 

Lets see if you have the hierarchy some thing like "/content/<site-name>/<locale>/<locale-language>/newsroom/news/article1 then the permission should be applied at "/content/<site-name>/<locale>/<locale-language>" or even higher "/content/<site-name>/<locale>". 

 

For grouping the permission and applying the same on the other environments use the "ACL Packager" 

 

 
 

image.png

 

So the best approach is use this to package the permissions rather than apply through code.

 

Thanks