Adobe Experience Manager Sites & More

TB3dock · 8/23/21

We want to create a group in admin console, e.g. "Our Admins", so we can assign users and product profiles in the central admin console and have the users we add to this group be admins on one or more of our 7 AEM cloud instances (dev, test, uat, stage, prod etc.).

We could make ourselves administrators of all 7 environments, go into each one in turn, and add the built in groups, such as:

"administrators"
"user-administrators"
"content-authors" etc.

to our custom group, but this is difficult to maintain, as we might forget one env, or have to change them on all evs.

Presumably, there is a way to do this via OSGi config, or possibly with some sort of package sync?

Any ideas?

aanchal-sikka · 12/14/23

@TB3dock

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

Use repo-init script

# Add members to groups
add administrators,user-administrators user2 to group grpA

https://sling.apache.org/documentation/bundles/repository-initialization.html

Option-3:

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool

Aanchal Sikka

View solution in original post

Asutosh_Jena_ · 8/24/21

Hi @TB3dock

Are you not managing the users and groups using IMS on AACS?

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/security/ims-support.html?l...

Thanks!

TB3dock · 8/24/21

Yes, we have been trying that, but its completely broken, and Adobe cant fix it. Its unusable.

We need to some how do it manually, although setting up permissions in adobe is very complicated.

We have been using AEM for nearly a year, and we have yet to find a way to reliable assign permissions to give users access to each env due to bugs in AEM/IMS.

Bimmi_Soi · 8/24/21

Hi @TB3dock ,

You can make use of Repository Initializer to create groups and assign permissions

PFB link

https://sling.apache.org/documentation/bundles/repository-initialization.html

Hope this helps!!

Thanks

aanchal-sikka · 12/14/23

@TB3dock

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

Use repo-init script

# Add members to groups
add administrators,user-administrators user2 to group grpA

https://sling.apache.org/documentation/bundles/repository-initialization.html

Option-3:

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool

Aanchal Sikka

Adobe Experience Manager Sites & More

How to put a group into another group on a cloud AEM instance and replicate to all instances (envs)?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe