Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

"Everyone" group added for each user of AEM 6

radhikak8817019
Level 3
Level 3

Hi All,

We recently upgraded our server from AEM 5.6.1 to AEM 6. Everything working fine except the strange behavior we noticed with user and group.

"Everyone" group is added to all users after upgrade and it cannot be removed manually from users using "\useradmin" console. As everyone group has deny permissions on most of the stuff so the users not able to view content on site.

Do we need to install any hotfix to fix this issue or is there any other customize way by creating script?

Please pour in your suggestions to resolve this issue.

Thanks In Advance,

RK

1 Accepted Solution
Sham_HC
Correct answer by
Level 10
Level 10

Hi RK,

everyone group  is  special &  all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control.  Verify the acl evaluation and identify the group that is causing & fix accordingly.  You are in wrong directing that everyone group causing it.

Thanks,

View solution in original post

5 Replies
Sham_HC
Correct answer by
Level 10
Level 10

Hi RK,

everyone group  is  special &  all users (including 'anonymous') are implicitly member of that group and there is no way to add or remove someone from that group. in other words: nothing that is related to access control.  Verify the acl evaluation and identify the group that is causing & fix accordingly.  You are in wrong directing that everyone group causing it.

Thanks,

View solution in original post

Stipo42
Level 1
Level 1

I recently had this issue as well.

This happens when you replicate a page BEFORE replicating the group it's secured against. 

Even when a group is then replicated, the correct rep:policy node does NOT get created.

Perhaps a workflow can be set up so that order doesn't matter, but for the time being always replicate your groups first.

Sham_HC
Level 10
Level 10

Rep:policy will never be replicated. If it is cug it will auto create once activation reaches publishers. So you need to make sure group exist before that. Otherwise without group presence cug can't create rep:policy.

smacdonald2008
Level 10
Level 10

YOu might want to install SP1 - see if that addresses the issue. THey made some fixes in that service pack. 

Also - here is some background on that group:

http://jackrabbit.apache.org/oak/docs/security/user.html

Everyone Group

The default user management implementation in Oak contains special handling for the optional group that represents everyone, which is marked by the reserved name everyone and corresponds to theEveryonePrincipal.

This special group always contains all Authorizable as member and cannot be edited with user management API. As of OAK this fact is consistently reflected in all group membership related methods. See also Principal Management.

radhikak8817019
Level 3
Level 3

Hi Smacdonald,

Thanks for your reply.

We are already using Adobe Experience Manager, Version 6.0.0.SP1. 

/RK