Restricting AEM consoles to a User

Level 2

Hi

There is a situation where a third party needs to read and write nodes in the content node of CRX Author via an API. Since it's Author that they need access to, the AEM user credentials would be required by them for the read/write to happen. Now, what I thought was I'll create a user that has explicit access only to perform the read/write/delete/modify on the particular content path.

However, I would like to restrict access to all the AEM consoles to that user, if that's even possible. Basically, the user should not be able to do anything (or rather even view anything) apart from the job mentioned above, as it's a third party.

I was hoping to get any inputs on this.

And also, if there is an alternative to providing user credentials to the third party to access Author, that would be great.

Thanks in advance.

4 Replies

Level 4

You can handle this if you create a user and only give it permission to the specific content path it needs to modify.

Allowing create, read and modify at /content/.. won't allow the user to access the consoles.

Level 2

Thank you. I had tried that before as well. Just that the user can view CRXDE Lite and the package manager. However, whenever the user tries to perform any of the actions, it does not work.

Just wanted to clarify if it is the right approach, giving a user's credentials to a third party, even though they cannot really do anything (as far as the information that I could find suggests).

Level 8

For your third party to read and write nodes in AEM, create a service user and add a mapping in the user mapper service. A service user is a JCR user with no password set and a minimal set of privileges that are necessary to perform a specific task. Having no password set means that it will not be possible to log in with a service user. Refer to https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/security-service-users.html
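The service-user approach from the reply above, as an added example that is not code from this thread or from Adobe: a servlet that writes under one content root through a mapped service user. The bundle symbolic name, subservice name, system user name, servlet path and content root are all hypothetical; the mapping in the comment is a factory configuration of `org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended`.

```java
// Hypothetical names throughout. Mapping (ServiceUserMapperImpl.amended factory config):
//   user.mapping=["com.example.thirdparty:content-writer=thirdparty-writer"]
// thirdparty-writer: system user with jcr:read and rep:write on CONTENT_ROOT only.
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = Servlet.class, property = {
    "sling.servlet.paths=/bin/example/thirdparty-import", "sling.servlet.methods=POST" })
public class ThirdPartyImportServlet extends SlingAllMethodsServlet {
  private static final String CONTENT_ROOT = "/content/example-thirdparty"; // placeholder path
  @Reference private ResourceResolverFactory resolverFactory;
  @Override
  protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
    String name = req.getParameter("name");
    String payload = req.getParameter("payload");
    // Accept one node name only, so the caller never chooses a repository path.
    if (payload == null || name == null || !name.matches("[A-Za-z0-9_-]{1,64}")) {
      resp.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
      return;
    }
    Map<String, Object> auth = Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, "content-writer");
    try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(auth)) {
      Resource root = resolver.getResource(CONTENT_ROOT);
      if (root == null || root.getChild(name) != null) {
        resp.sendError(SlingHttpServletResponse.SC_CONFLICT);
        return;
      }
      Map<String, Object> props = new HashMap<>();
      props.put("jcr:primaryType", "nt:unstructured");
      props.put("payload", payload);
      resolver.create(root, name, props);
      resolver.commit(); // a PersistenceException here propagates as an IOException
      resp.setStatus(SlingHttpServletResponse.SC_CREATED);
    } catch (LoginException e) { // mapping missing or system user not present
      resp.sendError(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
  }
}
```

The service user bounds what the servlet's own repository session can touch; how the caller authenticates to Author is unchanged by this code.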

Level 2

Actually, the thing is, the third party has to post data to a Sling POST servlet in AEM Author. I have tried hitting the servlet using Postman. I need to provide basic auth (username and password) for the purpose.