Anonymous havn't access to cloud service under /etc

germanf88334862 08-08-2019

Hi all, i got an issue with cloud services. on AEM 6.4
I have created the google-analytics cloud service under Generic Analytics Snippet.

And all works fine on all instances if:

1) I'm still logged in(admin admin)

2) if  give an access to anonymous user in /useradmin to read /etc/cloudservices/generic-tracker/google-analytics


But here comes the problem, if i haven't logged in, on publish there is no google-assistant inside the div class="cloudservice generictracker" it is empty at all.

For dispatcher there is only 1 way that i found -> give access to anonymous user(2).

Is that even correct that cloud services needs that accesses?

How could i do it more clearly, instead of abusing anonymous access rights?

P.S. i configured all with thoose guides Analytics with External Providers

<div data-sly-resource="${'cloudservices' @ resourceType='cq/cloudserviceconfigs/components/servicecomponents'}" data-sly-unwrap></div> added in body

<sly data-sly-include="/libs/cq/cloudserviceconfigs/components/servicelibs/servicelibs.jsp" /> added in head

Accepted Solutions (1)

Accepted Solutions (1)

jbrar
Employee
08-08-2019

By default, the anonymous user has read access on the following folders which includes some of the cloud services. Based on the third party services you are using, you need to provide the read access. This is not a security vulnerability.

Screen Shot 2019-08-08 at 11.35.42 AM.png

Answers (2)

Answers (2)

jbrar
Employee
09-08-2019

Just give the read permissions for anonymous user, which is the user used by the publish instance to load the content.

That said, Please do not change the "everyone" user access as it resets every time after the restart.

germanf88334862 09-08-2019

So if i understand right, i should give the permission to read my google-analytics cloud to 'everyone' user-group not only 'anonymous' user?
1809983_pastedImage_0.png