Expand my Community achievements bar.

SOLVED

What is a system user and how do I create a system user ?

Avatar

Level 5
Level 5
2/22/23 10:24:47 PM
 

Views

958

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/22/23 11:10:14 PM

You can find my blog on what is an AEM system user on AEM, and how to set one up by searching on google, "what is AEM system user"; points you to Create System | Service Users in AEM 6.5 with Code Configurations - Sourced Code. In this awesome blog article, you will also have some code examples for how you can write changes to AEM.

 

But let's share what is a system user? A system user is a JCR user with no password set and a minimal set of privileges that are necessary to perform a specific task. Having no password set means that it will not be possible to login with a system user. A system user is typically utilized by the AEM backend code which have privileges to create, read, update, and delete nodes in the JCR; the backend code will authenticate as a system user as a session when needed, and is required to session logout right when the task or tasks have been completed. Not logging out of a system user from the AEM backend will cause issues. If you do not logout of a session that you have opened, your AEM will be flooded by opened sessions, your AEM will start complaining with *INFO* [Apache Sling Resource Resolver Finalizer Thread] org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl Unclosed ResourceResolver, and eventually your AEM environment will run out of memory and crash; to learn more about this topic, take a look at this blog article, ResourceResolvers and Sessions — “you open it, you close it”, by Jörg Hoh. The rule of thumb for creating System Users is to keep the privileges very specific; ensure you have a plan for this system user.

if you are on AEM 6.5.4+, you can With the org.apache.sling.jcr.repoinit.RepositoryInitializer factory PID to create a system user from the code. 

scripts=["
    create service user sourcedCodeSystemUser with path /home/users/system/sourcedCode
    set ACL for sourcedCodeSystemUser
        allow jcr:read,rep:write,crx:replicate on /content/sourcedcode
        allow jcr:read,rep:write,crx:replicate on /conf/sourcedcode
        allow jcr:all on /content/we-retail
    end
"]



Take a look here: Create System | Service Users in AEM 6.5 with Code Configurations - Sourced Code

View solution in original post

Views

945

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
2/22/23 11:10:14 PM

You can find my blog on what is an AEM system user on AEM, and how to set one up by searching on google, "what is AEM system user"; points you to Create System | Service Users in AEM 6.5 with Code Configurations - Sourced Code. In this awesome blog article, you will also have some code examples for how you can write changes to AEM.

 

But let's share what is a system user? A system user is a JCR user with no password set and a minimal set of privileges that are necessary to perform a specific task. Having no password set means that it will not be possible to login with a system user. A system user is typically utilized by the AEM backend code which have privileges to create, read, update, and delete nodes in the JCR; the backend code will authenticate as a system user as a session when needed, and is required to session logout right when the task or tasks have been completed. Not logging out of a system user from the AEM backend will cause issues. If you do not logout of a session that you have opened, your AEM will be flooded by opened sessions, your AEM will start complaining with *INFO* [Apache Sling Resource Resolver Finalizer Thread] org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl Unclosed ResourceResolver, and eventually your AEM environment will run out of memory and crash; to learn more about this topic, take a look at this blog article, ResourceResolvers and Sessions — “you open it, you close it”, by Jörg Hoh. The rule of thumb for creating System Users is to keep the privileges very specific; ensure you have a plan for this system user.

if you are on AEM 6.5.4+, you can With the org.apache.sling.jcr.repoinit.RepositoryInitializer factory PID to create a system user from the code. 

scripts=["
    create service user sourcedCodeSystemUser with path /home/users/system/sourcedCode
    set ACL for sourcedCodeSystemUser
        allow jcr:read,rep:write,crx:replicate on /content/sourcedcode
        allow jcr:read,rep:write,crx:replicate on /conf/sourcedcode
        allow jcr:all on /content/we-retail
    end
"]



Take a look here: Create System | Service Users in AEM 6.5 with Code Configurations - Sourced Code

Views

946

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
2/23/23 2:11:35 AM

Hi @arindam6600 , Please check out this for system user creation and their use for getting resource resolver. - https://unlocklearning.in/resource-resolver-in-aem/ 

 

 

Shiv Prakash

Views

933

Replies

0
Sign in to like this content

Total Likes

Translate
Translate