Permission validation & export in CSV | Community
Skip to main content
S
SivaKr2
April 30, 2025
Solved

Permission validation & export in CSV

  • April 30, 2025
  • 4 replies
  • 722 views

I have few AEM groups and it has already existed in AEM and it has their individual permissions to folders, Currently i need to validate all the permission levels for almost 20+ AEM groups any solution for this process ?
I want to Validate & export all the groups with their permissions.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by muskaanchandwani

Hello @sivakr2 
ACL Packager from ACS AEM Commons might help
https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.html

It creates a content package containing all ACL entries for selected paths, users, or groups.

4 replies

AmitVishwakarma
Community Advisor
AmitVishwakarmaCommunity Advisor
Community Advisor
April 30, 2025

Hi @sivakr2 ,

To validate AEM group permissions and export them to CSV, you can use a Groovy script via the AEM Groovy Console, which is the most effective and widely used method for tasks like this in AEM.

1. Install AEM Groovy Console (if not already installed).

GitHub: https://github.com/icfnext/aem-groovy-console

2. Use this Groovy script in Groovy Console:

import org.apache.jackrabbit.api.security.user.Group import com.day.cq.security.AccessControlUtil import au.com.bytecode.opencsv.CSVWriter def session = resourceResolver.adaptTo(Session) def userManager = resourceResolver.adaptTo(UserManager) def groups = ["group1", "group2"] // Your AEM group names def writer = new StringWriter() def csv = new CSVWriter(writer) csv.writeNext(["Group", "Path", "Privileges"]) groups.each { g -> def group = userManager.getAuthorizable(g) if (group instanceof Group) { AccessControlUtil.getAccessControlEntries(session, "/").findAll { it.principal.name == g }.each { csv.writeNext([g, it.path, it.privileges*.name.join(", ")]) } } } println writer.toString()

Run the script, copy the output, and save as .csv.

To include nested groups, you'd need recursion in getAllPermissions.

If groups are spread across different paths (/home/groups/site, etc.), you can query them dynamically.

You can also run this as a scheduled task if regular exports are needed.


Regards,
Amit

S
ShivamKumar
April 30, 2025

Hi @sivakr2 ,


1. You can validate and export all the groups with their permissions(Manual but Visual):-

  • Go to /useradmin → Search for each group.
  • Open and view the Permission tab → manually review.
  • Or, use CRX/DE at /home/groups/<first-letter>/<group-name> and check rep:policy.

2. You can export all AEM groups and their permissions using either:

  • Java Servlet – Programmatically access all groups via UserManager, Use AccessControlManager to read permission policies (ACLs) on specific paths.
  • Groovy Console – Quick, script-based access to groups and their permissions.
    muskaanchandwani
    Adobe Employee
    muskaanchandwaniAdobe EmployeeAccepted solution
    Adobe Employee
    April 30, 2025

    Hello @sivakr2 
    ACL Packager from ACS AEM Commons might help
    https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.html

    It creates a content package containing all ACL entries for selected paths, users, or groups.

      aanchal-sikka
      Community Advisor
      aanchal-sikkaCommunity Advisor
      Community Advisor
      May 5, 2025

      @sivakr2 Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

      Aanchal Sikka
      Terms & ConditionsAccessibility statement

      Loading footer...