Blogs > System User in AEM
AEM Sites
System User in AEM
| April 2, 2023Hello, hope you are all doing well. Welcome to another blog.
System User in AEM
System users are designated accounts created to handle system-level tasks or to provide specific permissions to certain processes or services within the AEM platform. These accounts are not intended for human use, but are linked to automated operations, integrations, or system functions within AEM.
Creation of System User
In order to create a system user we need to follow the following steps.
-
You ned to go the explorer console of aem and click on user administration.
-
You need to simply create a new system user. Here we have created aem_bot user.
-
Now having created a system user, we need to add permissions to it. In order to do so go to useradmin console and search for aem_bot and add the required permissions.
-
This user is stored in the system folder within home folder in crx/de.
-
System users can also be created using configurations. In configMgr, search for an ACS configuration factory called Ensure Service User. This is a configuration factory that actually creates the system user and adds permissions to it. Here we have created a system user called aem-service-bot within aembots folder. Also we have added permisions to it.
-
type=allow says that the permissions are being granted (deny could be used) and privileges=jcr:read,jcr:all,rep:write defines for what the permissions are actually granted.
-
jcr:read grants reading permision.
-
jcr:all grants all the permissions like read, write, delete, modify etc.
-
rep:write grants the permission of write.
-
path=/content/local-project being the repository location where the granted permissions are exercised.
-
There are some more commonly used permissions like jcr:modifyProperties, jcr:addChildNodes, jcr:removeChildNodes, rep:readProperties, rep:readNodes and crx:replicate with selfexplainatory names.
-
This created system user can be loacted in crx/de under home folder.
Configuring System User
In order to configure the system user we need to follow the following steps.
-
Now we need to first get the bundle id so that we can bind the created system user.
-
Search for Apache Sling Service User Mapper Service Ammendment which is a factory configuration. Here we need to add the system configuration.
-
Now we need to add the bundle id: reference name = name of the system user.
Consuming System User
Now the system user is ready to be consumed. We need to create a utility class wherein there exists a map. This map consumes our reference name with whihch the system user is binds with the bundle id. It indeed returns a resource resolver
package com.infodales.aem.core.util;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import java.util.HashMap;
import java.util.Map;
public final class SubserviceConsumption {
private SubserviceConsumption() {
}
public ResourceResolver subserviceResolver(ResourceResolverFactory factory) throws LoginException {
final Map parameters = new HashMap();
parameters.put(factory.SUBSERVICE, "bot");
return factory.getServiceResourceResolver(parameters);
}
}
Conclusion
Here we have sucessfully created a system user, provided permissions to it via explorer and ensure user configurations and have configured it. We have also consumed the system user via a parameter map that returns a resource resolver which can be used to access a recource in the provided path and perform permitted operations on it.
I hope you enjoyed the learing and have found the blog informative.
