Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

How to put a group into another group on a cloud AEM instance and replicate to all instances (envs)?

Avatar

Level 9

We want to create a group in admin console, e.g. "Our Admins", so we can assign users and product profiles in the central admin console and have the users we add to this group be admins on one or more of our 7 AEM cloud instances (dev, test, uat, stage, prod etc.).

 

We could make ourselves administrators of all 7 environments, go into each one in turn, and add the built in groups, such as:

 

  • "administrators"
  • "user-administrators"
  • "content-authors" etc.

to our custom group, but this is difficult to maintain, as we might forget one env, or have to change them on all evs.

 

Presumably, there is a way to do this via OSGi config, or possibly with some sort of package sync?

 

Any ideas?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@TB3dock 

 

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

 

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

  • Use repo-init script
# Add members to groups
add administrators,user-administrators user2 to group grpA

 https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Option-3: 

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool 


Aanchal Sikka

View solution in original post

4 Replies

Avatar

Level 9

Yes, we have been trying that, but its completely broken, and Adobe cant fix it. Its unusable. 

We need to some how do it manually, although setting up permissions in adobe is very complicated.

We have been using AEM for nearly a year, and we have yet to find a way to reliable assign permissions to give users access to each env due to bugs in AEM/IMS.

Avatar

Employee Advisor

Hi @TB3dock ,

 

You can make use of Repository Initializer to create groups and assign permissions

PFB link

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Hope this helps!!

 

Thanks

Avatar

Correct answer by
Community Advisor

@TB3dock 

 

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

 

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

  • Use repo-init script
# Add members to groups
add administrators,user-administrators user2 to group grpA

 https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Option-3: 

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool 


Aanchal Sikka