Monday, April 21, 2025

How to Create and Map a System User in AEM (Step-by-Step Guide)

 In Adobe Experience Manager (AEM), when you build services or backend logic, you often need to access JCR (Java Content Repository) securely. For this, you don’t use regular users—you use System Users.





System Users are special, non-login users used for service-level operations. They don’t have passwords and are safer to use than admin or normal users.

Let’s walk through the steps to create and map a system user in AEM.


Step 1: Create a System User

  • Go to AEM Web Console: http://localhost:4502/crx/explorer/index.jsp
  • Log in with admin credentials.
  • Click on the User Administration tab.



  • Click Create System User, and fill in:
  • User ID: inowate-test-user
  • Path: under /home/system, create a folder for your project if it does not already exist (example: /home/system/myproject); otherwise you can create the user directly under /home/system. Then click Create.
Note: I'm assigning permissions to this folder because my contact form submissions will be stored in the JCR under this location. In your case, you should grant permissions to the folder where you intend to read, write, update, delete, or modify JCR nodes, depending on your specific requirements.


Check the following screenshot from my practical work.




Step 2: Assign Required Permissions

  • Open http://localhost:4502/useradmin
  • Search for your system user: inowate-test-user
  • Select the user, and assign read/write permissions only to the specific paths your service will access, for example /content/myproject and /var/contact-form-submission.

Avoid giving unnecessary permissions. Check the following screenshot.



Step 3: Map the User with a Service

  • Open http://localhost:4502/system/console/configMgr
  • Search for Apache Sling Service User Mapper Service Amendment.
  • Add an entry like the one in the following screenshot.


Use the System User in Code

Now we can use the system user in our code, in a servlet or in a service, wherever it is required:
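import java.util.HashMap;
import java.util.Map;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Reference;

// Place the field and method below inside your OSGi component class;
// "log" is that class's SLF4J logger.
@Reference
private ResourceResolverFactory resolverFactory;

// Returns a resolver for the mapped system user, or null if the login fails.
// The caller must close the returned resolver when done.
private ResourceResolver getServiceResourceResolver() {
    Map<String, Object> param = new HashMap<>();
    // Sub-service name; it must match the name used in the mapper entry from Step 3
    param.put(ResourceResolverFactory.SUBSERVICE, "my-service-name");
    try {
        return resolverFactory.getServiceResourceResolver(param);
    } catch (LoginException e) {
        log.error("Failed to get service resource resolver", e);
    }
    return null;
}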


Conclusion

System users make your AEM services secure and clean. Just remember:

  • Create under /home/system
  • Use mapper config correctly
  • Give minimum permissions
  • Use getServiceResourceResolver() in your code


