Forms user management | Handling user data forms-user-management-handling-user-data

User management is an AEM Forms JEE component that allows creating, managing, and authorizing AEM Forms users to access AEM Forms. User management uses domains as directories for obtaining user information. The following domain types are supported:

Local domains: This type of domain is not connected to a third-party storage system. Instead, users and groups are created locally and reside in the User Management database. Passwords are stored locally, and authentication is done using a local database.

Hybrid domains: This type of domain is not connected to a third-party storage system. Instead, users and groups are created locally and reside in the User Management database. Unlike local domains, hybrid domains use an external authentication provider, which can be LDAP, Kerberos, SAML, or a custom authentication provider.

Enterprise domains: Consist of users and groups that reside in a third-party storage system, such as an LDAP directory. User Management does not write to the third-party storage system. Instead, User Management synchronizes the user and group information with the User Management database. Enterprise domains also use an external authentication provider, which can be LDAP, Kerberos, SAML, or a custom authentication provider.

User data and data stores user-data-and-data-stores

User management stores user data in a database, such as My Sql, Oracle, MS® SQL Server, and IBM® DB2®. In addition, any user who has logged in at least once in Forms applications on AEM author at https://'[server]:[port]'lc, the user gets created in AEM repository. Therefore, user management is stored in the following data stores:

  • Database
  • AEM repository
  • Third-party storage like LDAP directory
NOTE
Data stored in third-party storages is out of scope for this document. Contact the third-party vendor directly to manage user data in such storages.

Database database

User management stores user data in the following database tables:

Database table
Description
EdcPrincipalEntity
Stores information about principal entities. A principal can be a user, a group, or a role.
EdcPrincipalUserEntity
Stores personally identifiable information (PII) of users. It contains an entry for every user from local, enterprise, and hybrid domains.

EdcPrincipalLocalAccountEntity

EdcPrincipalLocalAccount

(Oracle and MS® SQL databases)

Stores data only for local users.

EdcPrincipalEmailAliasEntity

EdcPrincipalEmailAliasEn

(Oracle and MS® SQL databases)

Contains entries of all users from local, enterprise, and hybrid domains. It contains user email IDs.

EdcPrincipalGrpCtmntEntity

EdcPrincipalGrpCtmntEnti
(Oracle and MS® SQL databases)

Stores the mapping between users and groups.
EdcPrincipalRoleEntity
Stores the mapping between roles and principals for both users and groups.
EdcPriResPrmEntity
Stores the mapping between principal and permissions for both users and groups.

EdcPrincipalMappingEntity

EdcPrincipalMappingEntit
(Oracle and MS® SQL databases)

Stores old and new attribute values corresponding to a principal.

AEM repository aem-repository

User management data for users who have at least once accessed the Forms applications under https://'[server]:[port]'lc is stored in AEM repository as well.

Access and delete user data access-and-delete-user-data

You can access and export user management data for users in the user management databases and AEM repository, and if necessary, delete it permanently.

Database database-1

To export or delete user data from user management database, you must connect to the database using a database client and find out the principal ID based on some PII of the user. For example, to retrieve the principal ID of a user using a login ID, run the following select command on the database.

In the select command, replace the <user_login_id> with the login ID of the user whose principal ID you want to retrieve.

select refprincipalid from EdcPrincipalUserEntity where uidstring = <user_login_id>

Once you know the principal ID, you can export or delete the user data.

Export user data export-user-data

Run the following database commands so you can export user management data for a principal ID from database tables. In the select command, replace <principal_id> with the principal ID of the user whose data you want to export.

NOTE
The following commands use database table names in My SQL and IBM® DB2® databases. When running these commands on Oracle and MS® SQL databases, replace the following table names in the commands:
  • Replace EdcPrincipalLocalAccountEntity with EdcPrincipalLocalAccount

  • Replace EdcPrincipalEmailAliasEntity with EdcPrincipalEmailAliasEn

  • Replace EdcPrincipalMappingEntity with EdcPrincipalMappingEntit

  • Replace EdcPrincipalGrpCtmntEntity with EdcPrincipalGrpCtmntEnti

Select * from EdcPrincipalLocalAccountEntity where refuserprincipalid in (Select id from EdcPrincipalUserEntity where refprincipalid in (Select id from EDCPRINCIPALENTITY where id='<principal_id>'));

Select * from EdcPrincipalEmailAliasEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalRoleEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPriResPrmEntity where refprinid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalUserEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalMappingEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalGrpCtmntEntity where refchildprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');

Select * from EdcPrincipalEntity where id='<principal_id>';

Delete user data delete-user-data

Do the following to delete user management data for a principal ID from database tables.

  1. Delete user data from AEM repository, if applicable, as described in Delete user data.

  2. Shut down the AEM Forms Server.

  3. Run the following database commands so you can delete user management data for a principal ID from database tables. In the Delete command, replace <principal_id> with the principal ID of the user whose data you want to delete.

    code language-sql
    Delete from EdcPrincipalLocalAccountEntity where refuserprincipalid in (Select id from EdcPrincipalUserEntity where refprincipalid in (select id from EdcPrincipalEntity where id='<principal_id>'));
    
    Delete from EdcPrincipalEmailAliasEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalRoleEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPriResPrmEntity where refprinid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalUserEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalMappingEntity where refprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalGrpCtmntEntity where refchildprincipalid in (Select id from EdcPrincipalEntity where id='<principal_id>');
    
    Delete from EdcPrincipalEntity where id='<principal_id>';
    
  4. Start the AEM Forms Server.

AEM repository aem-repository-1

Forms JEE users have their data in AEM repository if they have accessed the AEM Forms author instance at least one. You can access and delete their user data from AEM repository.

Access user data access-user-data

To view user created in AEM repository, log into https://'[server]:[port]'/lc/useradmin with AEM administrator credentials. Note that server and port in the URL are that of the AEM author instance. Here, you can search for users with their username. Double-click a user so you can view information like properties, permissions, and groups for the user. The Path property for a user specifies the path to the user node created in AEM repository.

Delete user data delete-aem

To delete a user:

  1. Go to https://'[server]:[port]'/lc/useradmin with AEM administrator credentials.
  2. Search for a user and double-click the username to open user properties. Copy the Path property.
  3. Go to AEM CRXDE Lite at https://'[server]:[port]'/lc/crx/de/index.jsp and navigate or search the user path.
  4. Delete the path and click Save All to permanently delete the user from AEM repository.
recommendation-more-help
19ffd973-7af2-44d0-84b5-d547b0dffee2