Expand my Community achievements bar.

SOLVED

How to Disable User Login

Avatar

Level 3

Hi,

We are trying to figure out a way to disable a user account from logging into AEM. We want to keep the account in the system, just somehow disable it and have the option to re-enable it if it is ever needed.

Anyone have a solution for this? We have tried the activate/deactivate functionality in the user management console, but it does not seem to effect if the user is able to login.

 

 

Thanks!

1 Accepted Solution

Avatar

Correct answer by
Level 10

Make use of property rep:disabled for your use case. 

To disable the user test just enter a reason as the value for disableUser
curl -u admin:admin -F "disableUser=Not required" http://host:port/home/users/t/test.rw.html

To reenable again

curl -u admin:admin -F "disableUser=" http://host:port/home/users/t/test.rw.html

View solution in original post

3 Replies

Avatar

Correct answer by
Level 10

Make use of property rep:disabled for your use case. 

To disable the user test just enter a reason as the value for disableUser
curl -u admin:admin -F "disableUser=Not required" http://host:port/home/users/t/test.rw.html

To reenable again

curl -u admin:admin -F "disableUser=" http://host:port/home/users/t/test.rw.html

Avatar

Level 10

You can control a users functionality with AEM by setting permissions,  I have never read a document that suggests that you can control a user logging in - however you can control permissions - including read permissions to the JCR: 

https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html#Modifying User and Group Properties

Avatar

Level 2

Hello Alex, 

Depending on your setup, you can do a couple of things:

1 - You can create a group with permissions to 'nothing', and assign these users to that group. So that when they log-in, they get nothing. Follow Scott's link for how to set these.

2 - You can overwrite their password and then they wouldnt be able to log-in in the first place.

Im sure there are other more polished solutions, but I find these two are very easy to implement and effective. 

PS - I've only used the activate-deactivate only controls the publishing of the user credentials to the publisher server. It is useful when you have a log-in on the front-end (like for a closed user group section).