Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

System User AEM Cloud

AD-Engineer
Level 3
Level 3

Hi,

I am trying to create a system user on AEM Cloud, but the url where the system users are created is not available on Cloud. How can I create or at least export/import a system user on Cloud? Thanks!

1 Accepted Solution
asutosh_jena
Correct answer by
Community Advisor
Community Advisor

Hi @AD-Engineer 

 

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

 

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
"
create service user systemuser
set ACL for systemuser
allow jcr:read on /etc restriction(rep:glob,/productfeed)
allow jcr:write on /etc restriction(rep:glob,/productfeed)
end
"
]

 

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

 

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Thanks!

View solution in original post

8 Replies
Ritesh_M
Community Advisor
Community Advisor

Hi @AD-Engineer ,

You can create the system user on your local AEM instance and it must be stored on location /home/users/system/<sys user> and provide proper permission.

Then follow below steps-

1. Create package of system user.
2. Download and unzip there you should see the system user folder ( .content.xml inside ) for system user, which you can commit as part of codebase

 

Sample .content.xml will look like below-

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:SystemUser"
jcr:uuid="5d9c68c6-c50e-33d0-aa2f-cf54f63993b6"
rep:authorizableId="testSystemUser"
rep:principalName="testSystemUser"/>

AD-Engineer
Level 3
Level 3

Hi @Ritesh_M

Thank you for you reply. I got the package, but where should i put it on the code? In which folder should be added? Thank you again!

Prince_Shivhare
Level 9
Level 9

It is not a best practice to deploy the system user with code or package.

I had the same problem earlier and we discussed the same thing with Adobe techincal team and they suggested about the REPOINT.

I rasied this question on forum and got the answer. you can refer this url -
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

kchaurasiya
Level 6
Level 6

Hi @AD-Engineer , Keeping the system user in the code is not a good practice.As @Prince_Shivhare  said.

 

We are also using the system user in our project and that we have kept in the package.So whenever system user is required to run some workflow or service on the environment such as dav/qa/uat . We just Deploy the user package on the environment.

 

You can create the package as @Ritesh_M already explained and once package is created download it at your local and upload and install the same package wherever you required and provide the read and write permission of that user for specific folder or as per your requirement.

 

Thank You.

Ritesh_M
Community Advisor
Community Advisor

Hi @kchaurasiya @Prince_Shivhare ,

 

Can you point out where it is mentioned that keeping system user in GIT repo is not a best practice?

 

Also, notably, moving forward (with AEM as Cloud Service), Adobe is even recommending (forcing, wink) to have configuration as part of GIT repository.

 

@AD-Engineer  To answer your question, you can put the system user folder under below path-

 

/ui.content/src/main/content/jcr_root/home/users/system/

 

Also, you need to add the entry in filter.xml, the path should be "/ui.content/src/main/content/META-INF/vault/filter.xml"

<filter root="/home/users/system/mysystemuser"/>

 

 

 

 

kchaurasiya
Level 6
Level 6
Hi @Ritesh_M, Thanks, I am agree with you that we can keep the system user inside the code not denying . I just shared my project experience as in my project they did not allow to keep the system user in the code. So its a part of package. Thanks
Ritesh_M
Community Advisor
Community Advisor
Thanks, Just wanted to check if I am missing anything.
asutosh_jena
Correct answer by
Community Advisor
Community Advisor

Hi @AD-Engineer 

 

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

 

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
"
create service user systemuser
set ACL for systemuser
allow jcr:read on /etc restriction(rep:glob,/productfeed)
allow jcr:write on /etc restriction(rep:glob,/productfeed)
end
"
]

 

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

 

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Thanks!

View solution in original post