ACL Yaml Scripts Issue

Question

Hi AEM Community,
 
I am generating User Groups and their permissions via AC Tool following the below documentation -
https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Configuration.md
 
The YAML file changes are correctly visible on RDE via AC Tool.
However, the permissions defined for multiple groups are not reflecting correctly in AEM.
 
Please find the below data points -
1. YAML File
- group_config:    - group-A:        - name: "Group A"          description: Base Group for Group A          isMemberOf :            -everyone            -dam-users          path: global    - group-B:        - name: "Group B"          description: Base Group for Group B          isMemberOf: group-A          path: global
- ace_config:    - group-A:        - path: /content          permission: allow          privileges: jcr:read        - path: /content/dam          permission: allow          privileges: jcr:read
 
- group-B:    - path: /var/workflow/models      permission: deny      privileges: jcr:all
When this YAML file is deployed to RDE, The permissions for Group A are correctly visible while for Group B they are not reflecting.
 
The YAML file is valid as validated on an online validator.
What could be the reason for this behavior? Any pointers?
 
@markusbullaadobe, @arunpatidar, @kautuk_sahni 
 
Thanks in advance,

Rohan_Garg · Accepted Answer

Update(2) - The issue is because of yaml file even though the online yaml validators are showing the file correct. I trimmed the yaml file to basics and applied the configuration, it worked!

Query - Is there any reason as to why online yaml validator and AC Tool's YAML parser with ConfigurationAdmin Plugin will have different results for same file?

Installation triggered: Tue Jul 04 01:53:23 UTC 2023

01:23:23.502: *** Applying AC Tool Configuration...
01:23:23.502: Running with v3.0.9 on instance id f9d383ac-8509-48f1-9bc9-9ffab13435be
01:23:23.502: Using YAML parser with ConfigurationAdmin Plugin placeholder support
01:23:23.502: Using configuration file /apps/eq-dam/acls/group/1.yaml
01:23:23.503: /apps/eq-dam/acls/group/1.yaml has no instructions
01:23:23.503: Using configuration file /apps/eq-dam/acls/group/base-group.yaml
01:23:23.517: Loaded configuration in 14ms
01:23:23.824: Retrieved existing ACLs from repository in 307ms
01:23:23.824: *** Starting installation of 9 authorizables from configuration...
01:23:23.826: Prefetched authorizables in 2ms
01:23:23.918: Prefetched 358 memberships in 92ms
01:23:23.928: Created 0 authorizables (moved 0 authorizables)
01:23:23.928: Finished installation of authorizables without errors in 103ms
01:23:23.932: For paths not contained in the configuration: Cleaned 1 ACEs of path /var/workflow from all ACEs for configured authorizables
01:23:23.932: For paths not contained in the configuration: Cleaned 1 ACEs from 1 paths in repository (ACEs that belong to users in the AC Config, but resided at paths that are not contained in AC Config)
01:23:23.932: *** Starting installation of 39 ACE configurations for 12 paths in content nodes using strategy AceBeanInstallerIncremental...
01:23:24.054: ACL Update Statistics: Changed=10 Unchanged=1 Path not found=1 (action cache hit/miss=0/0)
01:23:24.054: *** Finished installation of 12 ACLs in 121ms
01:23:24.338: Persisted changes of ACLs
01:23:24.338: Successfully applied AC Tool configuration in 836ms
Execution time: 836 ms
Success: true

Rohan_Garg · Answer

Update - The configurations are not being applied correctly. Please find the below logs -

Installation triggered: Tue Jul 04 00:52:42 UTC 2023
00:52:42.088: *** Applying AC Tool Configuration...
00:52:42.088: Running with v3.0.9 on instance id f9d383ac-8509-48f1-9bc9-9ffab13435be
00:52:42.088: Using YAML parser with ConfigurationAdmin Plugin placeholder support
00:52:42.088: Loaded configuration in 0ms
00:52:42.459: Retrieved existing ACLs from repository in 370ms
00:52:42.460: *** Starting installation of 0 authorizables from configuration...
00:52:42.461: Prefetched authorizables in 1ms
00:52:42.581: Prefetched 358 memberships in 120ms
00:52:42.581: Created 0 authorizables (moved 0 authorizables)
00:52:42.581: Finished installation of authorizables without errors in 121ms
00:52:42.581: No relevant ACEs to install
00:52:42.581: No changes were made to ACLs (session has no pending changes)
00:52:42.581: Successfully applied AC Tool configuration in 493ms
Execution time: 493 ms
Success: true

There are no changes being made to the ACLs. When I download the dump then I can see that these changes are not being reflected.
Any pointers on why this would happen if the YAML is valid & is correctly being updated on RDE with no errors yet there are no authorizables or changes being deployed on the instance.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded