Adobe Experience Manager Sites & More

RekhaRa4 · 5/14/25

Hi Community,

I am trying to do a task where I have created 3 sets of users and 3 sets of groups, each with a user. I have certain sets of permissions for each of these group of users - specifically for modifications of webpages within the website. However I am unable to add these ACL permissions programmatically, even after committing via git commands the permission policy nodes are not getting created. This is leading me to manually provide permissions to users everytime I login using a specific user. Can anyone let me know on how can this be acheived.

aanchal-sikka · 5/21/25

@RekhaRa4

There are various options to set-up ACLs:

Repo-init (Recommended for setting ACLs in immutable areas)
ACL packages
Netcentric (Recommended for setting ACLs in mutable areas)

Various available options are listed here: https://techrevel.blog/2024/03/04/from-setup-to-migration-the-best-tools-for-acl-management-in-aem/

I would not recommend committing ACLs as part of code base as repo:policy nodes. However, if you need to, please verify if following config is available

<configuration>
        <properties>
             <acHandling>Overwrite</acHandling>
        </properties>
</configuration>

For details, refer https://stackoverflow.com/questions/29710649/how-to-deploy-reppolicy-files-via-maven

Aanchal Sikka

View solution in original post

SantoshSai · 5/14/25

Hi @RekhaRa4,

The preferred method for managing users, groups, and permissions is through Repository Initialization (RepoInit) scripts. These scripts allow you to define repository structures and access controls declaratively, ensuring consistency across environments.

Here's an example of a RepoInit script that creates users, groups, and assigns permissions:

create group editors
create user editor1 with password "editor1pass"
add user editor1 to group editors

set ACL on /content/your-site
    allow group editors
        read,
        modify,
        create,
        delete
end

You can define multiple blocks like this for each group.

Packaging and Deployment

Create the RepoInit Script File: Save your script in a file named, for example, permissions.repoinit.
Place the File in the Appropriate Directory: Add the file to your project's ui.config module under the path:

ui.config/src/main/content/jcr_root/apps/<your-project>/osgiconfig/config.author/

Define the OSGi Configuration: Create an OSGi configuration file named org.apache.sling.jcr.repoinit.RepositoryInitializer~<your-config-name>.config in the same directory with the following content: (https://drewrobinson.com/blog/aem-repository-initialization-with-repoinit?utm_source=chatgpt.com)

scripts=[
    "create group editors",
    "create user editor1 with password \"editor1pass\"",
    "add user editor1 to group editors",
    "set ACL on /content/your-site",
    "    allow group editors",
    "        read,",
    "        modify,",
    "        create,",
    "        delete",
    "end"
]

Alternatively, for multiline scripts, you can use the .config format which supports better readability:

scripts=[
"
create group editors
create user editor1 with password \"editor1pass\"
add user editor1 to group editors

set ACL on /content/your-site
    allow group editors
        read,
        modify,
        create,
        delete
end
"
]

Deploy via Cloud Manager: Commit your changes and deploy them using AEM Cloud Manager. The RepoInit scripts will be executed during the deployment process, applying the defined configurations.

For more detailed information on RepoInit and its capabilities, you can refer to the following resources:

Apache Sling RepoInit Documentation
Adobe Experience Manager's Sling RepoInit: When Should You Use It?

Hope that helps!

Santosh Sai

Preetpal_Bindra · 5/14/25

Hi @RekhaRa4

To understand the problem better, do you mind posting the code you used that did not work?

Supriya_Savre · 5/20/25

Hi @RekhaRa4,

Did the shared solution help you out? Please let us know if you need more information. Otherwise kindly consider marking the most suitable answer as ‘correct’.

If you've discovered a solution yourself, we would appreciate it if you could share it with the community.

aanchal-sikka · 5/21/25

@RekhaRa4

There are various options to set-up ACLs:

Repo-init (Recommended for setting ACLs in immutable areas)
ACL packages
Netcentric (Recommended for setting ACLs in mutable areas)

Various available options are listed here: https://techrevel.blog/2024/03/04/from-setup-to-migration-the-best-tools-for-acl-management-in-aem/

I would not recommend committing ACLs as part of code base as repo:policy nodes. However, if you need to, please verify if following config is available

<configuration>
        <properties>
             <acHandling>Overwrite</acHandling>
        </properties>
</configuration>

For details, refer https://stackoverflow.com/questions/29710649/how-to-deploy-reppolicy-files-via-maven

Aanchal Sikka

kautuk_sahni · 6/27/25

@RekhaRa4 Just checking in — were you able to resolve your issue?
We’d love to hear how things worked out. If the suggestions above helped, marking a response as correct can guide others with similar questions. And if you found another solution, feel free to share it — your insights could really benefit the community. Thanks again for being part of the conversation!

Adobe Experience Manager Sites & More

ACL Permissions to be added or modified

Packaging and Deployment

Santosh Sai

Kautuk Sahni

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe