Solved

How to block anonymous and admin user to create JCR Nodes?

Forum|Forum|5 years ago
May 7, 2020
3 replies
4314 views

Much appreciate all the help in advance!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Ankur_Khare

Anonymous users can't create nodes.

If you want to do the same for any other group kindly assign read level permission from useradmin to that user.

Ankur_Khare

Accepted solution

Community Advisor

Anonymous users can't create nodes.

If you want to do the same for any other group kindly assign read level permission from useradmin to that user.

akhoury

Adobe Employee

You cannot block admin from creating, modifying or deleting nodes. User "admin" bypasses all system permission checks. It would be best to just not share the admin user password with your team.

As @huangb8 said, anonymous user cannot create nodes.

Theo_Pendle

Level 8

Hi @huangb8 ,

As @ankur_khare said, the anonymous should not be able to create or in any way modify nodes in the JCR. If that is currently possible on your instance, then someone either screwed up massively or you're the victim of a serious hack!

However, if you are (for some reason) in a situation where the anonymous user (aka: visitors to your AEM website) can use the API to modify nodes, you should head over to /useradmin an remove any non-READ access!

Regarding the admin user, @akhoury is right to say that this is a special user meant for (you guessed it) instance administration. This is the user you should give to your system admin or infrastructure department. If you are worried about developers using the admin user, you can change the password like so and give the password to the responsible party in your organisation (or preferably let them change the password).

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded