Accidentally removed admin access

Experience Manager (PaaS/OnPrem)
1

Hi,

I accidentally removed admin access to all users. Is there a way to undo this? Or anyway to create new users with admin access?

The data is in MySql database. Tried with the backup but did not work. I guess the user details are stored in database.

Please help.

Thanks
RK

2

Hi,

Agree with you that the user info is stored in database. So restored database then reboot-strap the storage must work.

3

Hello,

I cant restore the database as its in production and its a huge db.

Any other option? I am trying to add a new role, group and assign a user to the group but how to connect a role to the group? When I try to login with the new user(mapped to the new group) I get “Access to this application is not allowed for this user”.

Thank you for your inputs.

4

Can you still be able to access and edit the cms/console ? If you can then try to import or update those nodes
image

5

No, seems like editors do not have console access.

6

It’s done. I was able to create new user, new role and new admin. Below are the steps just in case if anyone in future stumbles upon the same issue:

  1. Create user(create backupuser.yaml)
    definitions:
    config:
    /hippo:configuration/hippo:users/backupuser:
    jcr:primaryType: hipposys:user
    hipposys:active: true
    hipposys:password: user-password
    hipposys:securityprovider: internal

  2. Create a role(Create backupadmin.yaml )
    definitions:
    config:
    /hippo:configuration/hippo:roles/backupadmin:
    jcr:primaryType: hipposys:role
    hipposys:privileges: [‘jcr:all’, ‘hippo:admin’]
    hipposys:roles: [editor]

  3. Create admin(create backupadmin.yaml )
    definitions:
    config:
    /hippo:configuration/hippo:groups/backupadmin:
    jcr:primaryType: hipposys:group
    hipposys:members: [backupuser]
    hipposys:securityprovider: internal

  4. Update the group in repository-data/application/src/main/resources/hcm-config/configuration/domains/hippodocuments.yaml
    /hippo:configuration/hippo:domains/hippodocuments/editor:
    hipposys:groups: [admin, editor, sitewriters]
    hipposys:groups: [admin, editor, sitewriters, backupadmin]

  5. Update the group in repository-data/application/src/main/resources/hcm-config/configuration/domains/defaultwrite.yaml
    /hippo:configuration/hippo:domains/defaultwrite/readwrite:
    hipposys:groups: [admin, author, editor, sitewriters]
    hipposys:groups: [admin, author, editor, sitewriters, backupadmin]

  6. Map the group with the role(create everywhere.yaml)
    definitions:
    config:
    /hippo:configuration/hippo:domains/everywhere/backupadmin:
    jcr:primaryType: hipposys:authrole
    hipposys:groups: [backupadmin]
    hipposys:role: backupadmin

7

Hi,

good on you for figuring it out. This is the only way to get back in to the system if you’ve lost all your admin users. Note that you can also do this in a separate project/jar, you don’t have to do it in your main distribution.