Adobe Experience Manager Sites & More

radhikak8817019 · 15/10/15

Hi All,

We recently upgraded our server from AEM 5.6.1 to AEM 6. Everything working fine except the strange behavior we noticed with user and group.

"Everyone" group is added to all users after upgrade and it cannot be removed manually from users using "\useradmin" console. As everyone group has deny permissions on most of the stuff so the users not able to view content on site.

Do we need to install any hotfix to fix this issue or is there any other customize way by creating script?

Please pour in your suggestions to resolve this issue.

Thanks In Advance,

RK

Sham_HC · 15/10/15

Hi RK,

everyone group is special & all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control. Verify the acl evaluation and identify the group that is causing & fix accordingly. You are in wrong directing that everyone group causing it.

Thanks,

Ver la solución en mensaje original publicado

Sham_HC · 15/10/15

Hi RK,

everyone group is special & all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control. Verify the acl evaluation and identify the group that is causing & fix accordingly. You are in wrong directing that everyone group causing it.

Thanks,

Stipo42 · 15/10/15

I recently had this issue as well.

This happens when you replicate a page BEFORE replicating the group it's secured against.

Even when a group is then replicated, the correct rep:policy node does NOT get created.

Perhaps a workflow can be set up so that order doesn't matter, but for the time being always replicate your groups first.

Sham_HC · 15/10/15

Rep:policy will never be replicated. If it is cug it will auto create once activation reaches publishers. So you need to make sure group exist before that. Otherwise without group presence cug can't create rep:policy.

smacdonald2008 · 15/10/15

YOu might want to install SP1 - see if that addresses the issue. THey made some fixes in that service pack.

Also - here is some background on that group:

http://jackrabbit.apache.org/oak/docs/security/user.html

Everyone Group

The default user management implementation in Oak contains special handling for the optional group that represents everyone, which is marked by the reserved name everyone and corresponds to theEveryonePrincipal.

This special group always contains all Authorizable as member and cannot be edited with user management API. As of OAK this fact is consistently reflected in all group membership related methods. See also Principal Management.