Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

User Permissions to Take an Online Backup

Avatar

Level 3

Can any user besides admin take an online backup?  What permissions would they need?  I am using curl but I guess this would apply to backups through the UI as well.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@AEM_Dan By default, only users with administrative privileges can take online backups.

 

However, you can grant backup-related permissions to other users by assigning them the appropriate permissions in the AEM user management console. Specifically, the users would need the "jcr:write" and "jcr:removeNode" permissions on the relevant backup-related nodes in the repository.

 

This permission requirement applies to both backups taken through the curl command and the AEM user interface.

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @AEM_Dan  

For taking Online backup you need to be a Administrator as mentioned here 

 

Below is a sample command for CURL for online backup.Account your trying to use should have admin access.

curl -u admin:admin -X POST http://localhost:4502/system/console/jmx/com.adobe.granite:type=Repository/op/startBackup/java.lang....

Avatar

Correct answer by
Community Advisor

@AEM_Dan By default, only users with administrative privileges can take online backups.

 

However, you can grant backup-related permissions to other users by assigning them the appropriate permissions in the AEM user management console. Specifically, the users would need the "jcr:write" and "jcr:removeNode" permissions on the relevant backup-related nodes in the repository.

 

This permission requirement applies to both backups taken through the curl command and the AEM user interface.

Avatar

Community Advisor

Hi @AEM_Dan ,

In Adobe Experience Manager (AEM), taking an online backup typically requires administrative privileges. The ability to perform backup operations is usually restricted to users with administrative roles because backups are critical operations that involve accessing and potentially modifying sensitive system data.

Regular users typically do not have the necessary permissions to take online backups, whether through the UI or using tools like curl. This restriction helps prevent accidental data loss or unauthorized access to sensitive information.

To perform backup operations in AEM, a user would typically need administrative privileges, which are granted through membership in administrative groups such as administrators or backupOperators.

If you're using curl to perform backups programmatically, the user account you use with curl would need to have administrative privileges in AEM. You would also need to ensure that the user has the necessary permissions to access the backup endpoints in AEM.

For example, if you're using curl to trigger a backup through AEM's REST API, the user would need permission to access the relevant REST endpoints and perform the backup operation.

Keep in mind that granting administrative privileges should be done with caution, as it gives users significant control over the AEM system and its data. It's essential to follow best practices for user management and security to minimize the risk of unauthorized access or accidental data loss.

Avatar

Community Advisor

@AEM_Dan A simple answer for your question is 

 

Only users with administrative privileges can take online backups. If any one else need to take a backup just add them to 'administrators' group or provide them package manager access. This should work

Avatar

Community Advisor

Hi @AEM_Dan ,

In Adobe Experience Manager (AEM), the ability to take an online backup typically requires administrative privileges. However, you can grant specific permissions to non-administrator users to enable them to perform backup operations.

To allow a non-administrator user to take an online backup using curl or the AEM UI, you need to grant them the appropriate permissions. Here's how you can do it:

  1. Grant Permissions: Assign the following permissions to the user or group:

    • backup: This permission allows users to perform backup operations.
    • read or read_acl (optional): These permissions allow users to read the contents of the repository and access control lists (ACLs). Depending on your requirements, you may need to grant these permissions as well.
  2. Access Control Policies: Create or modify Access Control Policies (ACP) to grant the necessary permissions. You can do this through the AEM User Interface.

  3. Test Backup Operation: Once the permissions are configured, test the backup operation using curl or the AEM UI to ensure that the user can successfully perform the backup.

Here's an example of how you might use curl to perform an online backup:curl -u username:password -X POST http://localhost:4502/libs/granite/backup/content/backups/backuptask.html -d"path=/content/mywebsite" -d"name=mybackup"

Replace username, password, http://localhost:4502, /content/mywebsite, and mybackup with your actual credentials, AEM instance URL, content path, and backup name, respectively.

It's essential to carefully manage permissions and access control in your AEM instance to ensure security and compliance with your organization's policies. Granting backup permissions to non-administrator users should be done cautiously and with consideration for security implications.