RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service | Community
Skip to main content
S
shivanigarg111
April 16, 2021
Solved

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

  • April 16, 2021
  • 1 reply
  • 4152 views

Hi,

 

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set 

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server,  it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

 

To summerize, The issue is while cloud manager deploy my codebase with the repoinit config, it fails at deploy to dev step and says I can't set read access to /libs hierarchy. Ideally AEM says I can do that at the time of deployment, but not at the runtime

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Asutosh_Jena_

Hi @shivanigarg111 

 

I tried with the below script and getting a different error though.

create service user test-user
set ACL on /libs/dam/content
allow jcr:read for test-user
end

Error:

INFO: Adding ACL 'allow' entry '[jcr:read]' for [test-user] on [/libs/dam/content]

ERROR: Failed to set ACL (javax.jcr.PathNotFoundException: Cannot set ACL on non-existent path /libs/dam/content) AclLine ALLOW {principals=[test-user], privileges=[jcr:read]} 

 

Debugging further. Will keep posted if I find anything.

 

Thanks!

1 reply

Asutosh_Jena_
Community Advisor
Asutosh_Jena_Community AdvisorAccepted solution
Community Advisor
April 16, 2021

Hi @shivanigarg111 

 

I tried with the below script and getting a different error though.

create service user test-user
set ACL on /libs/dam/content
allow jcr:read for test-user
end

Error:

INFO: Adding ACL 'allow' entry '[jcr:read]' for [test-user] on [/libs/dam/content]

ERROR: Failed to set ACL (javax.jcr.PathNotFoundException: Cannot set ACL on non-existent path /libs/dam/content) AclLine ALLOW {principals=[test-user], privileges=[jcr:read]} 

 

Debugging further. Will keep posted if I find anything.

 

Thanks!

    Asutosh_Jena_
    Community Advisor
    Asutosh_Jena_Community Advisor
    Community Advisor
    April 16, 2021

    Hi @shivanigarg111 

     

    /libs/dam/content - This is a valid path still it gives the error.

    but when I try to use some path under /conf it works!

     

    Looks like it's an issue with AACS and we might need to reach out to Adobe and see why it does not work based on the documentation.

     

    Also I tried to move the configs to ui.config and dpeloyed which did not solve the issue.

    Can you also give a try and see if it works for you?

     

     

    Thanks!

      Terms & ConditionsAccessibility statement

      Loading footer...