Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

system users vs aem users vs service users

Avatar

Level 2

what is the difference between system users vs aem users vs service users

1 Accepted Solution

Avatar

Correct answer by
Level 10

A normal AEM user has an account with AEM and can perform tasks - like authoring, creating pages, etc,

A System user is meant for use with special tasks like using it in code to get a session - as discussed here: Adobe Experience Manager Help | Persisting Adobe Experience Manager 6.4 JCR data using a Custom Form...

A System user is not an actual person who uses that account - but used in code as shown in that article. (That article, we show how to create a system user and perform Sling Mapping so it can be used in Java code to get a session.)

So you do not use a System user to perform AEM tasks - like logging into AEM and creating pages, and you do not use a user account to get a session as shown in the above article.

Hope that helps... 

View solution in original post

3 Replies

Avatar

Correct answer by
Level 10

A normal AEM user has an account with AEM and can perform tasks - like authoring, creating pages, etc,

A System user is meant for use with special tasks like using it in code to get a session - as discussed here: Adobe Experience Manager Help | Persisting Adobe Experience Manager 6.4 JCR data using a Custom Form...

A System user is not an actual person who uses that account - but used in code as shown in that article. (That article, we show how to create a system user and perform Sling Mapping so it can be used in Java code to get a session.)

So you do not use a System user to perform AEM tasks - like logging into AEM and creating pages, and you do not use a user account to get a session as shown in the above article.

Hope that helps... 

Avatar

Level 2
got it. Could you please tell what is service user??

Avatar

Level 2
Level 2

This is an old question, though I think it was asked well, so I'd like to put down what I found.

In practice, it seems that AEM uses the terms "service user", "system user" and even "system service user" more or less interchangeably:

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/security-servic...

 

This is consistent with its low-level usage in the Apache JackRabbit content repository seen in JCR-3802.

There seems to be some preference for "Service User", e.g. here's an Advanced > Service Users tutorial on how to create a Service User, and a good reason to do so (get a global count of all assets, without necessarily providing access to each asset - I could see this easily extended to other kinds of asset metadata). The tutorial also makes it clearer the intention is to empower AEM Developers to build to the Principle of least privilege, and so with best practice security in mind, avoid using an admin session or admin user, risking e.g. CWE-250 as may be found by a good penetration tester.

P.S. The CRX Explorer > User Administration screen's top bar has a button with the label "Create System User" so it's unlikely that a globally consistent term emerges any time soon.