Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

ACL Reporting

Avatar

Level 2

Is there a way, outside of custom code, to generate a report of all ACLs?  I am really just interested in everything under /content.  I am currently creating a package of /content, unzipping the file, then searching all the _rep_policy.xml files.  It's very tedious and error-prone.

1 Accepted Solution

Avatar

Correct answer by
Level 5

Hi @AEM_Dan, I don't think there is any OOTB way to fetch ACLs. You can explore the ACS Commons plugin called User Exporter here - https://adobe-consulting-services.github.io/acs-aem-commons/features/exporters/users/index.html which might be useful in pulling in the report; basically a list of users under certain groups.

For ACLs probably you might have to write a custom code.

View solution in original post

4 Replies

Avatar

Correct answer by
Level 5

Hi @AEM_Dan, I don't think there is any OOTB way to fetch ACLs. You can explore the ACS Commons plugin called User Exporter here - https://adobe-consulting-services.github.io/acs-aem-commons/features/exporters/users/index.html which might be useful in pulling in the report; basically a list of users under certain groups.

For ACLs probably you might have to write a custom code.

Avatar

Community Advisor

Hi @AEM_Dan, you can try to use ACS Commons Report Builder - [1]. It use SQL query so it is flexible in terms of collecting data that will be included in the report. It allows to browse report results directly in AEM or/and download it and review offline. I think you should be able to achieve your goal by creating proper query.

[1] - https://adobe-consulting-services.github.io/acs-aem-commons/features/report-builder/index.html

Avatar

Level 2

Thanks guys.  Do you know the syntax to retrieve ACLs using SQL (or x-path, QureyBuilder, etc)?  Or could point me to documentation?  I've searched before and can't find anything.

Avatar

Community Advisor

@AEM_Danyou can try one of below queries as a starting point, those are SQL2 query

  • it will return all allow and deny nodes that are stored under rep:policy node
    SELECT * FROM [rep:GrantACE] AS s WHERE ISDESCENDANTNODE([/content]) UNION SELECT * FROM [rep:DenyACE] AS s WHERE ISDESCENDANTNODE([/content])
    This query will require custom index to be created you can use OAK index generator for that https://oakutils.appspot.com/generate/index
  • this will return rep:policy nodes
    SELECT * FROM [rep:ACL] AS s WHERE ISDESCENDANTNODE([/content])