Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

"Everyone" group added for each user of AEM 6

Avatar

Level 3

Hi All,

We recently upgraded our server from AEM 5.6.1 to AEM 6. Everything working fine except the strange behavior we noticed with user and group.

"Everyone" group is added to all users after upgrade and it cannot be removed manually from users using "\useradmin" console. As everyone group has deny permissions on most of the stuff so the users not able to view content on site.

Do we need to install any hotfix to fix this issue or is there any other customize way by creating script?

Please pour in your suggestions to resolve this issue.

Thanks In Advance,

RK

1 Accepted Solution

Avatar

Correct answer by
Level 10

Hi RK,

everyone group  is  special &  all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control.  Verify the acl evaluation and identify the group that is causing & fix accordingly.  You are in wrong directing that everyone group causing it.

Thanks,

View solution in original post

5 Replies

Avatar

Correct answer by
Level 10

Hi RK,

everyone group  is  special &  all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control.  Verify the acl evaluation and identify the group that is causing & fix accordingly.  You are in wrong directing that everyone group causing it.

Thanks,

Avatar

Level 1

I recently had this issue as well.

This happens when you replicate a page BEFORE replicating the group it's secured against. 

Even when a group is then replicated, the correct rep:policy node does NOT get created.

Perhaps a workflow can be set up so that order doesn't matter, but for the time being always replicate your groups first.

Avatar

Level 10

Rep:policy will never be replicated. If it is cug it will auto create once activation reaches publishers. So you need to make sure group exist before that. Otherwise without group presence cug can't create rep:policy.

Avatar

Level 10

YOu might want to install SP1 - see if that addresses the issue. THey made some fixes in that service pack. 

Also - here is some background on that group:

http://jackrabbit.apache.org/oak/docs/security/user.html

Everyone Group

The default user management implementation in Oak contains special handling for the optional group that represents everyone, which is marked by the reserved name everyone and corresponds to theEveryonePrincipal.

This special group always contains all Authorizable as member and cannot be edited with user management API. As of OAK this fact is consistently reflected in all group membership related methods. See also Principal Management.

Avatar

Level 3

Hi Smacdonald,

Thanks for your reply.

We are already using Adobe Experience Manager, Version 6.0.0.SP1. 

/RK