Adobe Experience Manager Sites & More

SivaKr2 · 4/30/25

I have few AEM groups and it has already existed in AEM and it has their individual permissions to folders, Currently i need to validate all the permission levels for almost 20+ AEM groups any solution for this process ?
I want to Validate & export all the groups with their permissions.

AmitVishwakarma · 4/30/25

Hi @SivaKr2 ,

To validate AEM group permissions and export them to CSV, you can use a Groovy script via the AEM Groovy Console, which is the most effective and widely used method for tasks like this in AEM.

1. Install AEM Groovy Console (if not already installed).

GitHub: https://github.com/icfnext/aem-groovy-console

2. Use this Groovy script in Groovy Console:

import org.apache.jackrabbit.api.security.user.Group
import com.day.cq.security.AccessControlUtil
import au.com.bytecode.opencsv.CSVWriter
def session = resourceResolver.adaptTo(Session)
def userManager = resourceResolver.adaptTo(UserManager)
def groups = ["group1", "group2"] // Your AEM group names
def writer = new StringWriter()
def csv = new CSVWriter(writer)
csv.writeNext(["Group", "Path", "Privileges"])

groups.each { g ->
    def group = userManager.getAuthorizable(g)
    if (group instanceof Group) {
        AccessControlUtil.getAccessControlEntries(session, "/").findAll {
            it.principal.name == g
        }.each {
            csv.writeNext([g, it.path, it.privileges*.name.join(", ")])
        }
    }
}
println writer.toString()

Run the script, copy the output, and save as .csv.

To include nested groups, you'd need recursion in getAllPermissions.

If groups are spread across different paths (/home/groups/site, etc.), you can query them dynamically.

You can also run this as a scheduled task if regular exports are needed.

Regards,
Amit

ShivamKumar · 4/30/25

Hi @SivaKr2 ,

1. You can validate and export all the groups with their permissions(Manual but Visual):-

Go to /useradmin → Search for each group.
Open and view the Permission tab → manually review.
Or, use CRX/DE at /home/groups/<first-letter>/<group-name> and check rep:policy.

2. You can export all AEM groups and their permissions using either:

Java Servlet – Programmatically access all groups via UserManager, Use AccessControlManager to read permission policies (ACLs) on specific paths.
Groovy Console – Quick, script-based access to groups and their permissions.

muskaanchandwani · 4/30/25

Hello @SivaKr2
ACL Packager from ACS AEM Commons might help
https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.ht...

It creates a content package containing all ACL entries for selected paths, users, or groups.

aanchal-sikka · 5/5/25

@SivaKr2 Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Aanchal Sikka

Adobe Experience Manager Sites & More

Permission validation & export in CSV

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe