User changes in aem | Community
Skip to main content
K
kiranc13433869
Level 4
July 2, 2021
Solved

User changes in aem

  • July 2, 2021
  • 2 replies
  • 2887 views

Hi Team,

 

I am using aem 6.5

I am trying to know when perticular user's permissions changed

 

I mean whenever any activity happened on user admin

I need to know who did it n what he added or deleted

Is it possible to trace such permissions

Just like logs can we trace users behaviour as well?

Please revert

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by kiranc13433869

Hi @markusbullaadobe 

I tried below step as well where changed permissions for a user and it is still not showing in my local.

2 replies

MarkusBullaAdobe
Adobe Employee
MarkusBullaAdobeAdobe Employee
Adobe Employee
July 2, 2021

Hi @kiranc13433869!

Please check the following documentation:

As far as I understand your requirement, this should exactly do what you need.

 

Update:

I double checked and can confirm the behavior differs from the documentation as you described it in your update. I'll check internally and have raised a ticket for it with our documentation team (CQDOC-18142).

After checking it seems that you need to raise the log level to "DEBUG" and add another entry to the "Logger" section of the OSGI configuration:

 

 

com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet

 

 

This will at least give you some basic logging on permission management, such as:

 

 

*DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /content/dam for test *DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin removing policy for /content/dam, [759448319_, 759448319

 

 

I'll try to get the documentation fixed for this feature and will update this thread if there is additional information about it.

 

Thanks for raising this issue!

Hope that helps!

    K
    kiranc13433869Author
    Level 4
    July 2, 2021

    Hi @murukus,

    Thanks for info

    This is good option but it is only mentioning about if user created, deleted or new group added

    What I am looking for 

    If user permissions changed like read modify, create, delete, read acl, edit acl and replicate

    If any of these activities are added to user or group or removed. Those logs am looking for 

    Can you help me with this.

    K
    kiranc13433869AuthorAccepted solution
    Level 4
    July 2, 2021

    Hi @markusbullaadobe 

    I tried below step as well where changed permissions for a user and it is still not showing in my local.

      S
      Adobe Employee
      Sriga28Adobe Employee
      Adobe Employee
      September 23, 2024

      Hi @kiranc13433869 ,

      I tried adding the loggers[0] at debug level and modified the user permissions via the Touch UI. I was able to observe the ACL changes in the logs. Please see the details below[1].

       

      [0]com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet com.adobe.granite.security.user.internal.servlets.AuthorizableServlet com.adobe.granite.security.user.internal.audit

       

      [1]

      23.09.2024 16:17:00.085 *DEBUG* [10.172.141.36 [1727088420083] POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /conf/global/settings for testuser
23.09.2024 16:19:17.515 *DEBUG* [10.172.141.36 [1727088557514] POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /content/community for testuser
23.09.2024 16:19:32.178 *DEBUG* [10.172.141.36 [1727088572177] POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin removing policy for /content/community, [2091452248_, 2091452248
23.09.2024 16:29:38.295 *DEBUG* [10.172.141.36 [1727089178293] POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /content/community for testuser
       
      Terms & ConditionsAccessibility statement

      Loading footer...