How to block anonymous and admin user to create JCR Nodes?

huangb8
Level 1

07-05-2020

How to block anonymous and admin user to create JCR Nodes?

 

Much appreciate all the help in advance!

Accepted Solutions (1)

Ankur_Khare
MVP

07-05-2020

Anonymous users can't create nodes.

If you want to do the same for any other group kindly assign read level permission from useradmin to that user.

Answers (2)

Theo_Pendle
MVP

08-05-2020

Hi @huangb8 ,

As @Ankur_Khare said, the anonymous user should not be able to create or in any way modify nodes in the JCR. If that is currently possible on your instance, then someone either screwed up massively or you're the victim of a serious hack!

However, if you are (for some reason) in a situation where the anonymous user (aka: visitors to your AEM website) can use the API to modify nodes, you should head over to /useradmin and remove any non-READ access!

Regarding the admin user, @Andrew_Khoury is right to say that this is a special user meant for (you guessed it) instance administration. This is the user you should give to your system admin or infrastructure department. If you are worried about developers using the admin user, you can change the password like so and give the password to the responsible party in your organisation (or preferably let them change the password).
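
One way to verify the "no non-READ access for anonymous" state described in the answers above, using the standard JCR 2.0 API. This is an added example, not code from any of the posters or from AEM itself; the class name, the `acl-probe` child name and the way the `Repository` handle is obtained are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.jcr.GuestCredentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;

/** Reports every write-type action that an anonymous (guest) session is allowed. */
public final class AnonymousWriteAudit {

    // Hypothetical item name; it is only used for the permission lookup, nothing is created.
    private static final String PROBE = "acl-probe";

    /**
     * @param repository repository handle (how it is obtained is deployment-specific)
     * @param paths      absolute paths to audit, for example site roots chosen by the caller
     * @return findings such as "/content/site: add_node"; an empty list means read-only
     */
    public static List<String> findAnonymousWrites(Repository repository, List<String> paths)
            throws RepositoryException {
        List<String> findings = new ArrayList<>();
        // GuestCredentials asks the repository for its anonymous login.
        Session guest = repository.login(new GuestCredentials());
        try {
            for (String path : paths) {
                // add_node and set_property are evaluated against the path of the item
                // that would be created, so probe a non-existent child of the audited path.
                String child = path.endsWith("/") ? path + PROBE : path + "/" + PROBE;
                if (guest.hasPermission(child, Session.ACTION_ADD_NODE)) {
                    findings.add(path + ": " + Session.ACTION_ADD_NODE);
                }
                if (guest.hasPermission(child, Session.ACTION_SET_PROPERTY)) {
                    findings.add(path + ": " + Session.ACTION_SET_PROPERTY);
                }
                // remove is evaluated against the existing item itself.
                if (guest.hasPermission(path, Session.ACTION_REMOVE)) {
                    findings.add(path + ": " + Session.ACTION_REMOVE);
                }
            }
        } finally {
            guest.logout(); // always release the guest session
        }
        return findings;
    }
}
```

Because `hasPermission` evaluates effective permissions, the result also reflects access that anonymous inherits through group membership, which is easy to miss when reading individual entries in /useradmin.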

Andrew_Khoury
Employee

07-05-2020

You cannot block admin from creating, modifying or deleting nodes. User "admin" bypasses all system permission checks. It would be best to just not share the admin user password with your team.

As @huangb8 said, anonymous user cannot create nodes.