
Storing user data in aem. Is it recommended?

perfecci0nista

25-05-2021

Hello - I have a requirement where an application wants to store user profile data for an authenticated application. I am analyzing how compliant we are to store this info. 

 

Volume of Data 

Users - 50,000

User Type - Health care professional. 

User Data - May contain information such as HCP Medical number, medical license number etc. which might be available to the public somewhere but should not be available from our systems.

Fields per user - 20

Possible JCR queries to retrieve data while user accessing application: 5 - 20 

 

When we proposed an external database to store this user profile information, considering a few issues with JCR such as those below, I was challenged "why not JCR" when AEM has the capability to store information.

1. Data security. How secure is the data in AEM as compared to an external database?

2. The number of queries might slow down the system.

3. Scalability of AEM is costly if the application needs the system infrastructure to be upgraded due to the number of users and JCR queries.

 

Any guidance and Adobe's recommendation would be helpful.

Accepted Solutions (1)

asutosh_jena

25-05-2021

Hi @perfecci0nista 

 

As you have mentioned, you can store the user data in AEM as nodes and add the fields as properties, but you will need to consider a few items before you finalize the approach:

  1. You will be storing HCP information along with PII details.
  2. Ensure your organization has the correct data security policy in place and check the data retention policy.
  3. What is the architecture you have in place, i.e. how many publish instances will be there? If it's a 1:1 mapping with 1 publish and 1 dispatcher it will be easier to maintain the data, whereas if it's multiple publish instances you need to ensure the data is available across all the publish instances and all the instances are in sync. Sticky connection also will be required here during authentication.
  4. The number of queries that you have mentioned should not be an issue here in a large scale application.

We had a similar requirement where we wanted to keep HCP information and handle the authentication mechanism, and we preferred to use a third-party API (OKTA) to manage and handle the data, which will be pretty straightforward.

perfecci0nista
My only worry points are storing 50000 users' info and querying it from time to time when the user logs in, for personalization purposes. Is AEM JCR meant for storing such data, or is it recommended to have an external DB to store that info?
Jörg_Hoh
I would recommend storing them outside.
perfecci0nista
Hi Jorg - are there any strong reasons for this recommendation? A little more direction would be helpful. Thank you
Jörg_Hoh

The reasons for my recommendation are quite obvious: While you can store everything in AEM, I would like to avoid storing any sensitive data in there; one of the reasons is that AEM then is security critical, and many AEM developers are not used to working under such constraints. Also AEM is not really helpful when you need to deal with such data, and it does not offer special protection or measures to help you here (for example it's very easy for code to use an admin session which can basically read all the data in the repository). So the governance and tests need to be much more stringent than in usual AEM projects.

 

Next, from an architectural point of view I would consolidate such sensitive data into a single place; in your case it sounds to me that you store a copy of that data in AEM, but its source is some different system (which provides the proper measures for protecting, auditing etc); so you would need to ensure consistency and also double the efforts to implement the proper security and compliance measures.

Answers (2)

perfecci0nista

27-05-2021

Thank you for all your inputs. We have decided to explore the information received from external systems to be stored in browser session. Let's see how it goes.

av-ey

26-05-2021

Technicalities aside - the simple answer is no. Do not store user data in AEM. Use an integration that stores this data somewhere else.