Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Impersonate user suggestions not loading

Avatar

Level 4

Hi,

 

vjleo94_0-1665056572673.png

 

Here, We can see that nothing is loading in user suggestions. I have added my user to administrators group as well. 

 

/mnt/overlay/granite/ui/content/coral/foundation/authorizable/autocomplete/suggestion.0.10.html?_charset_=utf-8&selector=user&serviceUserFilter=exclude&impersonableUserFilter=includeonly&query=as&_=1665039085816

 

I see that above call happens in network tab, and this returns no results. Can anyone help me here with what could be the possible reason?

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @vjleo94,

In order for impersonating to work for non-admin users - even if member of the “administrators” group, the impersonator is required to have READ permissions in the /home/users path.

For more information on how to achieve this, see Permissions in AEM.

First, your analysis is right. The list of impersonators is a property at the target user. So the target user can grant another user (the impersonator) the right to act as himself. There is no “impersonation right”, that a specific user group is allowed to impersonate to anybody.

So the use case “Support User Group”, where a group of support users are allowed to impersonate as other business users will not work. Every individual business user must grant impersonation rights to the support user group.

To change the list of impersonators, you just need write access at the target users. Either it is the target user itself, or members of the “user administrators” group, or member of the “administrators” group, or any other user or user group that your project has granted write access on the target user.

Reference: https://stackoverflow.com/questions/48316471/who-can-addimperonators-in-useradmin-for-a-user-in-aem-...

Hope that helps!

Regards,

Santosh

View solution in original post

1 Reply

Avatar

Correct answer by
Community Advisor

Hi @vjleo94,

In order for impersonating to work for non-admin users - even if member of the “administrators” group, the impersonator is required to have READ permissions in the /home/users path.

For more information on how to achieve this, see Permissions in AEM.

First, your analysis is right. The list of impersonators is a property at the target user. So the target user can grant another user (the impersonator) the right to act as himself. There is no “impersonation right”, that a specific user group is allowed to impersonate to anybody.

So the use case “Support User Group”, where a group of support users are allowed to impersonate as other business users will not work. Every individual business user must grant impersonation rights to the support user group.

To change the list of impersonators, you just need write access at the target users. Either it is the target user itself, or members of the “user administrators” group, or member of the “administrators” group, or any other user or user group that your project has granted write access on the target user.

Reference: https://stackoverflow.com/questions/48316471/who-can-addimperonators-in-useradmin-for-a-user-in-aem-...

Hope that helps!

Regards,

Santosh