Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

User changes in aem

kiranc13433869
Level 4
Level 4

Hi Team,

 

I am using aem 6.5

I am trying to know when perticular user's permissions changed

 

I mean whenever any activity happened on user admin

I need to know who did it n what he added or deleted

Is it possible to trace such permissions

Just like logs can we trace users behaviour as well?

Please revert

 

 

 

AEM logs Permissions User Access
1 Accepted Solution
kiranc13433869
Correct answer by
Level 4
Level 4

Hi @markus_bulla_adobe 

I tried below step as well where changed permissions for a user and it is still not showing in my local.

View solution in original post

7 Replies
markus_bulla_adobe
Employee
Employee

Hi @kiranc13433869!

Please check the following documentation:

As far as I understand your requirement, this should exactly do what you need.

 

Update:

I double checked and can confirm the behavior differs from the documentation as you described it in your update. I'll check internally and have raised a ticket for it with our documentation team (CQDOC-18142).

After checking it seems that you need to raise the log level to "DEBUG" and add another entry to the "Logger" section of the OSGI configuration:

 

 

com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet

 

 

This will at least give you some basic logging on permission management, such as:

 

 

*DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /content/dam for test
*DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin removing policy for /content/dam, [759448319_, 759448319

 

 

I'll try to get the documentation fixed for this feature and will update this thread if there is additional information about it.

 

Thanks for raising this issue!

Hope that helps!

kiranc13433869
Level 4
Level 4

Hi @murukus,

Thanks for info

This is good option but it is only mentioning about if user created, deleted or new group added

What I am looking for 

If user permissions changed like read modify, create, delete, read acl, edit acl and replicate

If any of these activities are added to user or group or removed. Those logs am looking for 

Can you help me with this.

kiranc13433869
Level 4
Level 4

Hi,

 

I followed all steps and its is giving same response which is shared in link

I.e. abt user creating, group adding or deleting, password change etc 

Even though it is specified in document, but it is not updating permission issues.

markus_bulla_adobe
Employee
Employee

Hi @kiranc13433869!

Please double check on the documentation. It does exactly what you mentioned:

"[...] auditing CRUD (Create, Read, Update, Delete) actions on permissions and group assignments of users. [...] Permission changes of an existing user or group"

 

Hope that helps!

kiranc13433869
Level 4
Level 4
Hi, I followed all steps and its is giving same response which is shared in link I.e. abt user creating, group adding or deleting, password change etc  Even though it is specified in document, but it is not updating permission issues
markus_bulla_adobe
Employee
Employee

Hi @kiranc13433869!

I double checked and can confirm the behavior that differs from the documentation as you described it. I'll check internally and raise a ticket for it with our documentation team.

After checking it seems that you need to raise the log level to "DEBUG" and add another entry to the "Logger" section of the OSGI configuration:

com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet

This will at least give you some basic logging on permission management, such as:

*DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin adds policy on /content/dam for test
*DEBUG* [127.0.0.1 POST /bin/policies HTTP/1.1] com.adobe.granite.security.permissions.internal.servlets.PoliciesServlet admin removing policy for /content/dam, [759448319_, 759448319

I'll try to get the documentation fixed for this feature and will update this thread if there is additional information about it.

 

Thanks for raising this issue!

Hope that helps!

kiranc13433869
Correct answer by
Level 4
Level 4

Hi @markus_bulla_adobe 

I tried below step as well where changed permissions for a user and it is still not showing in my local.

View solution in original post