Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

System User AEM Cloud

Avatar

Level 4

Hi,

I am trying to create a system user on AEM Cloud, but the url where the system users are created is not available on Cloud. How can I create or at least export/import a system user on Cloud? Thanks!

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @AD-Engineer 

 

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

 

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
"
create service user systemuser
set ACL for systemuser
allow jcr:read on /etc restriction(rep:glob,/productfeed)
allow jcr:write on /etc restriction(rep:glob,/productfeed)
end
"
]

 

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

 

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Thanks!

View solution in original post

9 Replies

Avatar

Community Advisor

Hi @AD-Engineer ,

You can create the system user on your local AEM instance and it must be stored on location /home/users/system/<sys user> and provide proper permission.

Then follow below steps-

1. Create package of system user.
2. Download and unzip there you should see the system user folder ( .content.xml inside ) for system user, which you can commit as part of codebase

 

Sample .content.xml will look like below-

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:SystemUser"
jcr:uuid="5d9c68c6-c50e-33d0-aa2f-cf54f63993b6"
rep:authorizableId="testSystemUser"
rep:principalName="testSystemUser"/>

Avatar

Level 4

Hi @Ritesh_Mittal

Thank you for you reply. I got the package, but where should i put it on the code? In which folder should be added? Thank you again!

Avatar

Level 3

Hi @Ritesh_Mittal ,

could you please let me know where I can find the permissions(allow) node for the system user which I created. not found it under content & etc as well. Need to deploy it to higher environments along with the permissions. Kindly help.

 

Thank you!

Avatar

Community Advisor

It is not a best practice to deploy the system user with code or package.

I had the same problem earlier and we discussed the same thing with Adobe techincal team and they suggested about the REPOINT.

I rasied this question on forum and got the answer. you can refer this url -
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

Avatar

Level 6

Hi @AD-Engineer , Keeping the system user in the code is not a good practice.As @Prince_Shivhare  said.

 

We are also using the system user in our project and that we have kept in the package.So whenever system user is required to run some workflow or service on the environment such as dav/qa/uat . We just Deploy the user package on the environment.

 

You can create the package as @Ritesh_Mittal already explained and once package is created download it at your local and upload and install the same package wherever you required and provide the read and write permission of that user for specific folder or as per your requirement.

 

Thank You.

Avatar

Community Advisor

Hi @kchaurasiya @Prince_Shivhare ,

 

Can you point out where it is mentioned that keeping system user in GIT repo is not a best practice?

 

Also, notably, moving forward (with AEM as Cloud Service), Adobe is even recommending (forcing, wink) to have configuration as part of GIT repository.

 

@AD-Engineer  To answer your question, you can put the system user folder under below path-

 

/ui.content/src/main/content/jcr_root/home/users/system/

 

Also, you need to add the entry in filter.xml, the path should be "/ui.content/src/main/content/META-INF/vault/filter.xml"

<filter root="/home/users/system/mysystemuser"/>

 

 

 

 

Avatar

Level 6
Hi @Ritesh_Mittal, Thanks, I am agree with you that we can keep the system user inside the code not denying . I just shared my project experience as in my project they did not allow to keep the system user in the code. So its a part of package. Thanks

Avatar

Community Advisor
Thanks, Just wanted to check if I am missing anything.

Avatar

Correct answer by
Community Advisor

Hi @AD-Engineer 

 

You can create a system user using RepositoryInitializer configuration which is available in AEM as Cloud.

It will automatically create the system user with appropriate level of permision as mentioned in the script/config which can be added as an OSGi config.

 

Create an OSGi config with:

org.apache.sling.jcr.repoinit.RepositoryInitializer-project.config and add the below code where "systemuser" is the name of the user and /etc is the path with level of access.

scripts=[
"
create service user systemuser
set ACL for systemuser
allow jcr:read on /etc restriction(rep:glob,/productfeed)
allow jcr:write on /etc restriction(rep:glob,/productfeed)
end
"
]

 

Please see my answer here as well:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-as-a-cloud-system-user...

 

More information available here:

https://sling.apache.org/documentation/bundles/repository-initialization.html

 

Thanks!