How to get list of Users/Group with specific privileges for the given content?

jura_khrapunov

15-10-2015

In a large organization we have multiple divisions and publishing workflow is pretty decentralized.

Is there any way how I can programmatically get a list of Users/Groups which have certain explicit (not inherited) permissions set for the given content path?

Example:

There is a "global editors" group which has REPLICATE permissions for the whole /content namespace. Another group "editors X" has REPLICATE permission set for /content/x branch. And yet another group "local editors" assigned to the /content/x/local node. How I can get only "local editors" group for the node /content/x/local? 

Accepted Solutions (1)

Accepted Solutions (1)

anjali_biddanda

06-10-2020

You can do this: 

Authorizable userGroup = userManager.getAuthorizable("test-usergroup");
JackrabbitAccessControlManager jMgr = (JackrabbitAccessControlManager) adminSession.getAccessControlManager();
jMgr.hasPrivileges(path, Collections.singleton(userGroup.getPrincipal()), privileges);

 

Answers (4)

Answers (4)

anjali_biddanda

06-10-2020

Hi @jura_khrapunov , were you able to use this to solve your issue? 

userManager.findAuthorizables(path, "rep:Group")

I have the same problem. I need to know what user groups have write access to a given path. I can't use the above successfully. It only works for relative paths like 

userManager.findAuthorizables("jcr:primaryType", "rep:Group")

 @smacdonald2008 , do you have any suggestions?

smacdonald2008

15-10-2015

To programmatically work with user in AEM, you use the org.apache.jackrabbit.api.security.user.UserManager api. For you use case, you can call the findAuthorizables method and set the correct properties. I will look to determine if we have code samples.