User data and data stores

User management stores user data in a database, such as My Sql, Oracle, MS® SQL Server, and IBM® DB2®. In addition, any user who has logged in at least once in Forms applications on AEM author at https://'[server]:[port]'lc, the user gets created in AEM repository. Therefore, user management is stored in the following data stores:

  • Database
  • AEM repository
  • Third-party storage like LDAP directory
NOTE
Data stored in third-party storages is out of scope for this document. Contact the third-party vendor directly to manage user data in such storages.

Database

User management stores user data in the following database tables:

Database tableDescription
EdcPrincipalEntityStores information about principal entities. A principal can be a user, a group, or a role.
EdcPrincipalUserEntityStores personally identifiable information (PII) of users. It contains an entry for every user from local, enterprise, and hybrid domains.

EdcPrincipalLocalAccountEntity

EdcPrincipalLocalAccount

(Oracle and MS® SQL databases)

Stores data only for local users.

EdcPrincipalEmailAliasEntity

EdcPrincipalEmailAliasEn

(Oracle and MS® SQL databases)

Contains entries of all users from local, enterprise, and hybrid domains. It contains user email IDs.

EdcPrincipalGrpCtmntEntity

EdcPrincipalGrpCtmntEnti
(Oracle and MS® SQL databases)

Stores the mapping between users and groups.
EdcPrincipalRoleEntityStores the mapping between roles and principals for both users and groups.
EdcPriResPrmEntityStores the mapping between principal and permissions for both users and groups.

EdcPrincipalMappingEntity

EdcPrincipalMappingEntit
(Oracle and MS® SQL databases)

Stores old and new attribute values corresponding to a principal.

AEM repository

User management data for users who have at least once accessed the Forms applications under https://'[server]:[port]'lc is stored in AEM repository as well.

Access and delete user data

You can access and export user management data for users in the user management databases and AEM repository, and if necessary, delete it permanently.

Database

To export or delete user data from user management database, you must connect to the database using a database client and find out the principal ID based on some PII of the user. For example, to retrieve the principal ID of a user using a login ID, run the following select command on the database.

In the select command, replace the <user_login_id> with the login ID of the user whose principal ID you want to retrieve.

select refprincipalid from EdcPrincipalUserEntity where uidstring = <user_login_id>

Once you know the principal ID, you can export or delete the user data.

Export user data

Run the following database commands so you can export user management data for a principal ID from database tables. In the select command, replace <principal_id> with the principal ID of the user whose data you want to export.

NOTE
The following commands use database table names in My SQL and IBM® DB2® databases. When running these commands on Oracle and MS® SQL databases, replace the following table names in the commands:
  • Replace EdcPrincipalLocalAccountEntity with EdcPrincipalLocalAccount

  • Replace EdcPrincipalEmailAliasEntity with EdcPrincipalEmailAliasEn

  • Replace EdcPrincipalMappingEntity with EdcPrincipalMappingEntit

  • Replace EdcPrincipalGrpCtmntEntity with EdcPrincipalGrpCtmntEnti

Select * from EdcPrincipalLocalAccountEntity where refuserprincipalid in (Select id from EdcPrincipalUserEntity where refprincipalid in (Select id from EDCPRINCIPALENTITY where id='<principal_id>'));

Select * from EdcPrincipalEmailAliasEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalRoleEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPriResPrmEntity where refprinid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalUserEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalMappingEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalGrpCtmntEntity where refchildprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalEntity where id='<principal_id>';

Delete user data

Do the following to delete user management data for a principal ID from database tables.

  1. Delete user data from AEM repository, if applicable, as described in Delete user data.

  2. Shut down the AEM Forms Server.

  3. Run the following database commands so you can delete user management data for a principal ID from database tables. In the Delete command, replace <principal_id> with the principal ID of the user whose data you want to delete.

    Delete from EdcPrincipalLocalAccountEntity where refuserprincipalid in (Select id from EdcPrincipalUserEntity where refprincipalid in (select id from EdcPrincipalEntity where id='<principal_id>'));
    
    Delete from EdcPrincipalEmailAliasEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalRoleEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPriResPrmEntity where refprinid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalUserEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalMappingEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalGrpCtmntEntity where refchildprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalEntity where id='<principal_id>';
    
  4. Start the AEM Forms Server.

AEM repository

Forms JEE users have their data in AEM repository if they have accessed the AEM Forms author instance at least one. You can access and delete their user data from AEM repository.

Access user data

To view user created in AEM repository, log into https://'[server]:[port]'/lc/useradmin with AEM administrator credentials. Note that server and port in the URL are that of the AEM author instance. Here, you can search for users with their username. Double-click a user so you can view information like properties, permissions, and groups for the user. The Path property for a user specifies the path to the user node created in AEM repository.

Delete user data

To delete a user:

  1. Go to https://'[server]:[port]'/lc/useradmin with AEM administrator credentials.
  2. Search for a user and double-click the username to open user properties. Copy the Path property.
  3. Go to AEM CRXDE Lite at https://'[server]:[port]'/lc/crx/de/index.jsp and navigate or search the user path.
  4. Delete the path and click Save All to permanently delete the user from AEM repository.

Experience Manager


Espressos & Experience Manager: AEM Forms

Espressos & Experience Manager

Thursday, Mar 6, 7:00 PM UTC

Join Adobe's AEM product team as they highlight AEM Forms' latest innovations, including: the new Gen AI Assistant, Unified Composition with AEM Sites, and new ways to deploy forms through conversations.

Register

Put the Customer at the Center and Build Relationships That Last a Lifetime

Online | Strategy Keynote | General Audience

First impressions last a lifetime. Great first impressions feel personal, connected, and relevant right from the start. From the first...

Wed, Mar 19, 2:30 PM PDT (9:30 PM UTC)

Register

Driving Marketing Agility and Scale: Transforming your Content Supply Chain with AI

Online | Strategy Keynote | General Audience

Marketers everywhere are feeling the pressure to deliver impactful campaigns faster and at greater scale. This Strategy Keynote explores...

Tue, Mar 18, 2:30 PM PDT (9:30 PM UTC)

Register

Connect with Experience League at Summit!

Get front-row access to top sessions, hands-on activities, and networking—wherever you are!

Learn more