AEM as a Cloud Service Team and Product Profiles product-profiles
Learn how AEM as a Cloud Service team and product profiles can grant and limit access to your licensed ÃÛ¶¹ÊÓƵ solutions.
Product Profiles profiles
When granting a user access to a specific ÃÛ¶¹ÊÓƵ solution, you do not necessarily want to give them full access. Product profiles enable each solution to have its own set of user permissions. These are available and accessible via the Admin Console.
The ÃÛ¶¹ÊÓƵ Admin Console has a structured hierarchy of product, product instances, and product profiles where an organization’s internal users can be assigned membership, giving them access to the solutions and features that have been licensed.
AEM as a Cloud Service Product Profiles aem-product-profiles
AEM as a Cloud Service is a fully cloud-native offering that delivers AEM as a service. It delivers AEM in a cloud native manner, with new attributes like always on, always current, always secure, and always at scale. At the same time, it retains the main value proposition that AEM provides as a customizable platform to customers and allows enterprise grade teams to integrate in their development and delivery procedure. See Introduction to ÃÛ¶¹ÊÓƵ Experience Manager as a Cloud Service to learn more about AEM as a Cloud Service.
Organization Level Product Instances org-level-product-instances
When ÃÛ¶¹ÊÓƵ processes the licensing of an AEM solution for the first time, two Product Instances will appear in ÃÛ¶¹ÊÓƵ Admin Console, under the ÃÛ¶¹ÊÓƵ Experience Manager as a Cloud Service Product:
- AEM Org-Level - contains one or more Product Profile that represent access to features that are scoped to all AEM environments, rather than just to a single one
- Cloud Manager - contains Product Profiles corresponding to different levels of access to Cloud Manager features.
Inside the AEM Org-Level Product Instance is a Product Profile named AEM Org-Level Reporters, which is not used at this time, but may be in the future to represent access to retrieving information about AEM product licenses.
When a Forms Communication Solution is licensed, a corresponding product profile will appear under the AEM Org-level Product Instance as well.
Environment and Tier Level Product Instances environment-and-tier-level-product-instances
Upon provisioning new programs with one or more AEM environments, two Product Instances will appear per environment, containing Product Profiles for author and publish, respectively.
Below are the Product Profiles in an author Product Instance, for an organization that has provisioned an environment in a program containing AEM Sites:
The following table describes a list of the possible Product Profiles below an environment-tier-specific Product Instance.
Note that each Product Profile has an associated Product Profile Service enabled by default. Unless you have complex access requirements, it is recommended to keep just the Default Service selected. A corresponding AEM group will be created in AEM with the naming convention <Product Profile Prefix> - Service
(for example, AEM Sites Content Managers - Service), and the users in the parent product profiles will automatically become members of that corresponding AEM group.
The AEM group in AEM associated with the service will have the aggregated set of users that exist in all the associated Product Profiles of that service for that environment-tier combination.
The following image represents the AEM groups reflecting the AEM Sites Content Managers author tier Product Profile and service.
- To learn more about AEM product profiles, see Assigning AEM Product Profiles.
- For more information on the onboarding process, see onboarding journey.
Adding Product Profiles for Existing Environments adding-product-profiles-for-existing-environments
Environments created before early November 2024 may be missing the Org-Level product instance described in sections above, as well as certain product profiles. Existing product profiles will also be missing the service toggles. It is recommended to update those product profiles, which is a prerequisite for accessing some future APIs.
If one or more environments in a program needs its product profiles updated, Cloud Manager will show the notice below. Note that an environment must be on the latest AEM version before its product profiles can be updated.
Clicking the Add Product Profiles button will open a menu that displays options to add new product profiles to all environments available in the program or individual environments.
Click All Environments to add the new product profiles to all environments in the program. Alternatively, click Individual Environments to add the new product profiles to selected environments; this navigates the user to an Environments listing page, where an Add Product Profiles action can be selected from the More Options icon.
You can also add product profiles to selected environments by navigating to the Program Overview page’s Environments section, clicking the More Options icon corresponding to an environment, and selecting Add Product Profiles.
The status of the environment displays Adding Product Profiles while the new product profiles are being added and subsequently displays Running when the process is complete.
Cloud Manager Product Profiles cloud-manager-product-profiles
Cloud Manager has pre-configured product profiles which can be thought of as role-based permissions. Your system administrator is responsible for setting up your Cloud Manager team by assigning them to these product profiles.
Each of the product profiles have specific permissions associated with them.
-
Business Owner
- In this role you have the permission to add a new program or edit a program, add or update an environment, deploy code to AEM environment, or execute code quality checks.
- This user is responsible for defining KPIs, approving production deployments, and overriding important 3-tier failures when necessary.
-
Deployment Manager
- In this role, you have the permission to add or update an environment, run any pipeline, and deploy code to AEM environment, or execute code quality checks.
- This user manages deployment operations and uses Cloud Manager to execute staging/production deployments, edit CI/CD pipelines, approve important 3-tier failures when necessary, and can access the git repository.
-
Developer
- In this role, you have the permission to generate personal access tokens to access git.
- This user develops and tests custom application code and primarily uses Cloud Manager to view deployment status and can access the git repository for code commits.
-
Program Manager
- In this role, you have the permission to schedule pipelines, override the 3-tier quality gates, and provide production approval.
- This user uses Cloud Manager to perform team setup, review status, view KPIs, and can approve important 3-tier failures when necessary.
A user can be assigned to multiple product profiles. For example, assigning both Business Owner and Deployment Manage r roles to a user gives them the sum of these permissions.
Your Cloud Manager team will include at least:
- One Business Owner, who is typically also the system administrator, and must be the first person to login and access Cloud Manager
- One Deployment Manager
- One Developer
AEM Users
or AEM Administrators
. Permissions to administer Cloud Manager will not suffice.- To learn more about Cloud Manager product profiles, see Assigning Team Members to Cloud Manager Product Profiles.
- For more information on the onboarding process, see onboarding journey.