0

I can see a lot of recommendation to not create System Users via API (maybe it is not possible?) or to not replicate System User across environments (via package bundle for example).

I'm curious, since System Users doesn't have password or can't be used to system log in, which risks are being mitigated with a manual user creation approach (via crx exporer)?

Cœur
  • 37,241
  • 25
  • 195
  • 267
doriguetto
  • 11
  • 1
  • System users have permissions and ACL privileges just like any other users so they are equally vulnerable. Also some service accounts are used without authentication internally so password protection is irrelevant. You must not alter system user accounts so there is no need to replicate them. What is your use case? – Imran Saeed Mar 14 '17 at 18:32
  • Since AEM 6 SlingRepository.loginAdministrative is deprecated -https://sling.apache.org/documentation/the-sling-engine/service-authentication.html#deprecation-of-administrative-authentication . – doriguetto Mar 15 '17 at 04:54
  • Now it is required to create a System User in order to access JCR repo and resource resolver - http://stackoverflow.com/questions/31388591/how-to-create-a-system-user-repsystemuser-in-aem-6-1 Im want to come up with a solution to replicate the newly created system users across different enviroments in my stack. I can see a lot of recomendation about creating the System user manually, just want to understand why. – doriguetto Mar 15 '17 at 04:54
  • Yes, that's true. However, for such system users which will normally be associated to some pre-build function or some custom function, you are better off bundling these users as a part of your code or custom package deployment rather than installing on one author and replicating them. – Imran Saeed Mar 16 '17 at 10:02
  • Agreed. Do you foresee any risks in exposing the system users information (username for example) in code base? – doriguetto Mar 16 '17 at 23:27
  • Not necessarily a new kind of risk. AEM code is full of service user names. For example replication-service can be found quite frequently and is commonly used in implementing custom replication logic. – Imran Saeed Mar 17 '17 at 08:39

0 Answers0