Hi All,
If I have 2 technical accounts say A & B to integrate with a third party application and I have to restrict their permissions to upload an asset to specific path, I usually create an AEM group via yaml file say test_group and add the technical accounts as its member, heres the scenario :
Technical Account A - created and was not added to this group, when I go to Users in AEM cloud, I can see the technical service account without it being a member of test_group.
Account B - created and was added to the test_group, all works fine. I can upload an asset, create folders etc.
Later I added Account A to the test_group but it still can not create a folder and gives a 200 response instead of 201
Ps - I generated the Bearer token for both accounts and hit the Asset API via Postman
How much time does it take for the sync to happen, it was already 16-24 hours since I added the Technical account to the group? Is there a way to help AEM sync the permissions or an alternate route without using a new Technical/Service account?
Regards,
Anupam Patra
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
@anupampat , I run into same issue sometimes. Solution is to DELETE the user at AEM, and allow to federate once again.
So, delete your technical user. Test the api, when the user gets recreated, gruops will get applied.
It looks like Account A isn't picking up the permissions even after being added to the group. Here’s what you can try:
1. Sync Delay: It might take more time for the changes to show up, especially in the cloud. Try clearing the cache or logging out and back in.
2. Check Group Membership: Make sure Account A is properly added to the group and that the group has the correct permissions.
3. Force Sync: If you can, try refreshing the permissions manually or triggering a sync in AEM.
4. API Response: The 200 response means the request is being accepted, but permissions might be missing. Check the response for more details.
5. Admin Permissions: As a test, add Account A to an admin group to see if the issue is related to missing permissions.
Hope this helps!
Views
Replies
Total Likes
@anupampat , I run into same issue sometimes. Solution is to DELETE the user at AEM, and allow to federate once again.
So, delete your technical user. Test the api, when the user gets recreated, gruops will get applied.
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies