Permission validation & export in CSV | Community
Skip to main content
S
SivaKr2
New Participant
April 30, 2025
Solved

Permission validation & export in CSV

  • April 30, 2025
  • 4 replies
  • 722 views

I have few AEM groups and it has already existed in AEM and it has their individual permissions to folders, Currently i need to validate all the permission levels for almost 20+ AEM groups any solution for this process ?
I want to Validate & export all the groups with their permissions.

Best answer by muskaanchandwani

Hello @sivakr2 
ACL Packager from ACS AEM Commons might help
https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.html

It creates a content package containing all ACL entries for selected paths, users, or groups.

4 replies

aanchal-sikka
aanchal-sikka
New Participant
May 5, 2025

@sivakr2 Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Aanchal Sikka
muskaanchandwani
muskaanchandwaniAccepted solution
Employee
April 30, 2025

Hello @sivakr2 
ACL Packager from ACS AEM Commons might help
https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.html

It creates a content package containing all ACL entries for selected paths, users, or groups.

    S
    ShivamKumar
    New Participant
    April 30, 2025

    Hi @sivakr2 ,


    1. You can validate and export all the groups with their permissions(Manual but Visual):-

    • Go to /useradmin → Search for each group.
    • Open and view the Permission tab → manually review.
    • Or, use CRX/DE at /home/groups/<first-letter>/<group-name> and check rep:policy.

    2. You can export all AEM groups and their permissions using either:

    • Java Servlet – Programmatically access all groups via UserManager, Use AccessControlManager to read permission policies (ACLs) on specific paths.
    • Groovy Console – Quick, script-based access to groups and their permissions.
      AmitVishwakarma
      AmitVishwakarma
      New Participant
      April 30, 2025

      Hi @sivakr2 ,

      To validate AEM group permissions and export them to CSV, you can use a Groovy script via the AEM Groovy Console, which is the most effective and widely used method for tasks like this in AEM.

      1. Install AEM Groovy Console (if not already installed).

      GitHub: https://github.com/icfnext/aem-groovy-console

      2. Use this Groovy script in Groovy Console:

      import org.apache.jackrabbit.api.security.user.Group import com.day.cq.security.AccessControlUtil import au.com.bytecode.opencsv.CSVWriter def session = resourceResolver.adaptTo(Session) def userManager = resourceResolver.adaptTo(UserManager) def groups = ["group1", "group2"] // Your AEM group names def writer = new StringWriter() def csv = new CSVWriter(writer) csv.writeNext(["Group", "Path", "Privileges"]) groups.each { g -> def group = userManager.getAuthorizable(g) if (group instanceof Group) { AccessControlUtil.getAccessControlEntries(session, "/").findAll { it.principal.name == g }.each { csv.writeNext([g, it.path, it.privileges*.name.join(", ")]) } } } println writer.toString()

      Run the script, copy the output, and save as .csv.

      To include nested groups, you'd need recursion in getAllPermissions.

      If groups are spread across different paths (/home/groups/site, etc.), you can query them dynamically.

      You can also run this as a scheduled task if regular exports are needed.


      Regards,
      Amit

      Terms & ConditionsAccessibility statement

      Loading footer...