Expand my Community achievements bar.

SOLVED

How to put a group into another group on a cloud AEM instance and replicate to all instances (envs)?

Avatar

Level 9
Level 9
8/23/21 11:06:18 AM

We want to create a group in admin console, e.g. "Our Admins", so we can assign users and product profiles in the central admin console and have the users we add to this group be admins on one or more of our 7 AEM cloud instances (dev, test, uat, stage, prod etc.).

 

We could make ourselves administrators of all 7 environments, go into each one in turn, and add the built in groups, such as:

 

  • "administrators"
  • "user-administrators"
  • "content-authors" etc.

to our custom group, but this is difficult to maintain, as we might forget one env, or have to change them on all evs.

 

Presumably, there is a way to do this via OSGi config, or possibly with some sort of package sync?

 

Any ideas?

Views

616

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/14/23 6:05:26 PM

@TB3dock 

 

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

 

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

  • Use repo-init script
# Add members to groups
add administrators,user-administrators user2 to group grpA

 https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Option-3: 

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool 

Aanchal Sikka

View solution in original post

Views

151

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Level 9
Level 9
8/24/21 6:41:37 AM
In response to Asutosh_Jena_

Yes, we have been trying that, but its completely broken, and Adobe cant fix it. Its unusable. 

We need to some how do it manually, although setting up permissions in adobe is very complicated.

We have been using AEM for nearly a year, and we have yet to find a way to reliable assign permissions to give users access to each env due to bugs in AEM/IMS.

Views

594

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
8/24/21 2:16:18 AM

Hi @TB3dock ,

 

You can make use of Repository Initializer to create groups and assign permissions

PFB link

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Hope this helps!!

 

Thanks

Views

601

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/14/23 6:05:26 PM

@TB3dock 

 

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

 

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

  • Use repo-init script
# Add members to groups
add administrators,user-administrators user2 to group grpA

 https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Option-3: 

Netcentric ACL Tool enables to deploy Group association via YAML files in code base

https://github.com/Netcentric/accesscontroltool 

Aanchal Sikka

Views

152

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply