How to put a group into another group on a cloud AEM instance and replicate to all instances (envs)?
August 23, 2021
Solved


We want to create a group in admin console, e.g. "Our Admins", so we can assign users and product profiles in the central admin console and have the users we add to this group be admins on one or more of our 7 AEM cloud instances (dev, test, uat, stage, prod etc.).

 

We could make ourselves administrators of all 7 environments, go into each one in turn, and add the built in groups, such as:

 

  • "administrators"
  • "user-administrators"
  • "content-authors" etc.

to our custom group, but this is difficult to maintain, as we might forget one env, or have to change them on all envs.

 

Presumably, there is a way to do this via OSGi config, or possibly with some sort of package sync?

 

Any ideas?

3 replies

Asutosh_Jena_
Community Advisor
August 24, 2021

TB3dock (Author)
Level 8
August 24, 2021

Yes, we have been trying that, but it's completely broken, and Adobe can't fix it. It's unusable.

We need to somehow do it manually, although setting up permissions in Adobe is very complicated.

We have been using AEM for nearly a year, and we have yet to find a way to reliably assign permissions to give users access to each env due to bugs in AEM/IMS.

Adobe Employee
August 24, 2021

Hi @tb3dock ,

 

You can make use of Repository Initializer to create groups and assign permissions

PFB link

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Hope this helps!!

 

Thanks

aanchal-sikka
Community Advisor
Accepted solution
December 15, 2023

@tb3dock 

 

Option-1:

Every env in Cloud has an Admin Product profile. One could create a group and assign the relevant product profiles. The Admin profile already grants a lot of access. You might not need to add more groups to it.

 

Option-2:

There are multiple options to inherit the OOTB groups in IMS groups

  • Use a repo-init script:

    # Add members to groups
    add administrators,user-administrators,user2 to group grpA

    https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Option-3: 

The Netcentric ACL Tool enables deploying group associations via YAML files in the code base

https://github.com/Netcentric/accesscontroltool 

Aanchal Sikka
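
An added example, not part of the original answer and not Adobe's or Sling's own code: in repoinit, `add X to group Y` makes X a member of Y, and a member inherits the rights of the groups it belongs to, so the direction of each statement decides who gains admin rights. This Python check reads the `add ... to group` statements of a script before it is deployed to every environment; the group id `our-admins`, the sample script and the function name are assumptions made for illustration.

```python
import re

# Built-in AEM groups named in the thread whose membership confers admin rights.
PRIVILEGED = {"administrators", "user-administrators"}

# repoinit membership statement: add <m1>,<m2> to group <target>
ADD_RE = re.compile(r"^add\s+(\S+)\s+to\s+group\s+(\S+)$")


def audit_repoinit(script, custom_groups):
    """Return (grants, reversed_lines) for a repoinit script.

    grants: {privileged group: sorted list of members it gains}
    reversed_lines: line numbers where a privileged group is made a member of a
    custom group, which gives the custom group's members no extra rights.
    """
    grants, reversed_lines = {}, []
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ADD_RE.match(line)
        if not m:
            continue  # other repoinit statements are out of scope here
        members, target = m.group(1).split(","), m.group(2)
        if target in PRIVILEGED:
            grants.setdefault(target, set()).update(members)
        elif target in custom_groups and PRIVILEGED & set(members):
            reversed_lines.append(lineno)
    return {g: sorted(ms) for g, ms in grants.items()}, reversed_lines


# Constructed sample script; "our-admins" is a hypothetical group id.
SAMPLE = """\
# Add members to groups
create group our-admins
add our-admins to group administrators
add our-admins to group user-administrators
add administrators,user-administrators to group our-admins
"""

if __name__ == "__main__":
    grants, reversed_lines = audit_repoinit(SAMPLE, {"our-admins"})
    for group, members in grants.items():
        print(f"{group} gains members: {', '.join(members)}")
    for n in reversed_lines:
        print(f"line {n}: privileged group added as a member of a custom group")
```

Run in CI against the repoinit scripts in the code base, the `grants` map is the list of principals a reviewer has to approve, since the same script is applied to every environment.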