This chapter describes how to configure and maintain user authorization and also describes the theory behind how authentication and authorization work in AEM.
Users and Groups in AEM
This section deals with the various entities and related concepts in more detail to help you configure an easy to maintain user management concept.
Users will log in to AEM with their account. Each user account is unique and holds the basic account details, together with the privileges assigned.
Users are often members of Groups, which simplify the allocation of these permissions and/or privileges.
Groups are collections of users and/or other groups; these are all called Members of a group.
Their primary purpose is to simplify the maintenance process by reducing the number of entities to be updated, as a change made to a group is applied to all members of the group. Groups often reflect:
1. a role within the application; such as someone who is allowed to surf the content, or someone who is allowed to contribute content.
2. your own organization; you may want to extend the roles to differentiate between contributors from different departments when they are restricted to different branches in the content tree.