In the past, I've had several clients requesting access to the OSGi console, or /system/console, for users other then the built in "admin" user.  This is a fairly straightforward configuration but there is limited information about it online.  Out of the box CQ permissions unfortunately do not handle the OSGi / Felix stack.  Because of this, assigning a user to the "administrators" group in CQ is not enough to grant them access to the OSGi console.  This has its upside, though, as typically the configurations found in the OSGi Console can greatly affect how the server runs/operates it is a best practice to limit access to a handful of knowledgable users.

The bundle that we need to configure has the package name of:  In the OSGi console, you can set the users by doing the following:

  1. Navigate to /system/console/configMgr
  2. Click the "edit" button next to "Apache Sling Web Console Security Provider"
  3. Add users/groups to the appropriate field.  It expects a comma separated list (i.e admin,testuser, ...)
  4. Click save

However, the best practice for configuring CQ Bundles is by creating a file within your CQ repository under /apps/system/config.  Given that the bundle we are configuring has the name "", the file we must create under /apps/system/config must be named "" (this is assuming a global configuration, use config.<runmode> to do runmode specific configurations - i.e.

The content of this file must specify the values for the allowed users and groups for the OSGi console.  Here is a sample content of the config file, allowing the user "admin" and the group "administrators" to have access:


If you wanted to allow several users/groups, again this is a comma separated list.  For example, if you wanted to allow both the "admin" user and "test" user, it would look like the following:


Hope this helps!