Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

Impersonate user suggestions not loading

Avatar

Level 4
Level 4
10/6/22 4:46:26 AM

Hi,

 

vjleo94_0-1665056572673.png

 

Here, We can see that nothing is loading in user suggestions. I have added my user to administrators group as well. 

 

/mnt/overlay/granite/ui/content/coral/foundation/authorizable/autocomplete/suggestion.0.10.html?_charset_=utf-8&selector=user&serviceUserFilter=exclude&impersonableUserFilter=includeonly&query=as&_=1665039085816

 

I see that above call happens in network tab, and this returns no results. Can anyone help me here with what could be the possible reason?

 

Views

300

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
11/27/22 1:59:18 PM

Hi @vjleo94,

In order for impersonating to work for non-admin users - even if member of the “administrators” group, the impersonator is required to have READ permissions in the /home/users path.

For more information on how to achieve this, see Permissions in AEM.

First, your analysis is right. The list of impersonators is a property at the target user. So the target user can grant another user (the impersonator) the right to act as himself. There is no “impersonation right”, that a specific user group is allowed to impersonate to anybody.

So the use case “Support User Group”, where a group of support users are allowed to impersonate as other business users will not work. Every individual business user must grant impersonation rights to the support user group.

To change the list of impersonators, you just need write access at the target users. Either it is the target user itself, or members of the “user administrators” group, or member of the “administrators” group, or any other user or user group that your project has granted write access on the target user.

Reference: https://stackoverflow.com/questions/48316471/who-can-addimperonators-in-useradmin-for-a-user-in-aem-...

Hope that helps!

Regards,

Santosh

View solution in original post

Views

277

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
11/27/22 1:59:18 PM

Hi @vjleo94,

In order for impersonating to work for non-admin users - even if member of the “administrators” group, the impersonator is required to have READ permissions in the /home/users path.

For more information on how to achieve this, see Permissions in AEM.

First, your analysis is right. The list of impersonators is a property at the target user. So the target user can grant another user (the impersonator) the right to act as himself. There is no “impersonation right”, that a specific user group is allowed to impersonate to anybody.

So the use case “Support User Group”, where a group of support users are allowed to impersonate as other business users will not work. Every individual business user must grant impersonation rights to the support user group.

To change the list of impersonators, you just need write access at the target users. Either it is the target user itself, or members of the “user administrators” group, or member of the “administrators” group, or any other user or user group that your project has granted write access on the target user.

Reference: https://stackoverflow.com/questions/48316471/who-can-addimperonators-in-useradmin-for-a-user-in-aem-...

Hope that helps!

Regards,

Santosh

Views

278

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply