Adobe Experience Manager Sites & More

AD-Engineer · 6/16/21

Hi,

I am trying to create a system user on AEM Cloud, but the url where the system users are created is not available on Cloud. How can I create or at least export/import a system user on Cloud? Thanks!

Asutosh_Jena_ · 6/17/21

Hi @AD-Engineer

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
        "
        create service user systemuser
        set ACL for systemuser
        allow jcr:read on /etc restriction(rep:glob,/productfeed)
        allow jcr:write on /etc restriction(rep:glob,/productfeed)
        end
        "
]

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

Thanks!

View solution in original post

Ritesh_Mittal · 6/16/21

Hi @AD-Engineer ,

You can create the system user on your local AEM instance and it must be stored on location /home/users/system/<sys user> and provide proper permission.

Then follow below steps-

1. Create package of system user.
2. Download and unzip there you should see the system user folder ( .content.xml inside ) for system user, which you can commit as part of codebase

Sample .content.xml will look like below-

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:SystemUser"
jcr:uuid="5d9c68c6-c50e-33d0-aa2f-cf54f63993b6"
rep:authorizableId="testSystemUser"
rep:principalName="testSystemUser"/>

AD-Engineer · 6/16/21

Hi @Ritesh_Mittal

Thank you for you reply. I got the package, but where should i put it on the code? In which folder should be added? Thank you again!

Lakshmi9 · 4/28/22

Hi @Ritesh_Mittal ,

could you please let me know where I can find the permissions(allow) node for the system user which I created. not found it under content & etc as well. Need to deploy it to higher environments along with the permissions. Kindly help.

Thank you!

Prince_Shivhare · 6/16/21

It is not a best practice to deploy the system user with code or package.

I had the same problem earlier and we discussed the same thing with Adobe techincal team and they suggested about the REPOINT.

I rasied this question on forum and got the answer. you can refer this url -
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

kchaurasiya · 6/16/21

Hi @AD-Engineer , Keeping the system user in the code is not a good practice.As @Prince_Shivhare said.

We are also using the system user in our project and that we have kept in the package.So whenever system user is required to run some workflow or service on the environment such as dav/qa/uat . We just Deploy the user package on the environment.

You can create the package as @Ritesh_Mittal already explained and once package is created download it at your local and upload and install the same package wherever you required and provide the read and write permission of that user for specific folder or as per your requirement.

Thank You.

Ritesh_Mittal · 6/16/21

Hi @kchaurasiya @Prince_Shivhare ,

Can you point out where it is mentioned that keeping system user in GIT repo is not a best practice?

Also, notably, moving forward (with AEM as Cloud Service), Adobe is even recommending (forcing, wink) to have configuration as part of GIT repository.

@AD-Engineer To answer your question, you can put the system user folder under below path-

/ui.content/src/main/content/jcr_root/home/users/system/

Also, you need to add the entry in filter.xml, the path should be "/ui.content/src/main/content/META-INF/vault/filter.xml"

kchaurasiya · 6/17/21

Hi @Ritesh_Mittal, Thanks, I am agree with you that we can keep the system user inside the code not denying . I just shared my project experience as in my project they did not allow to keep the system user in the code. So its a part of package. Thanks

Ritesh_Mittal · 6/17/21

Thanks, Just wanted to check if I am missing anything.

Asutosh_Jena_ · 6/17/21

Hi @AD-Engineer

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
        "
        create service user systemuser
        set ACL for systemuser
        allow jcr:read on /etc restriction(rep:glob,/productfeed)
        allow jcr:write on /etc restriction(rep:glob,/productfeed)
        end
        "
]