Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

ACS Commons ACL Packager

Avatar

Level 3

Hi Team,

 

I am using AEM as a cloud service and want to  migrate user permissions to higher AEM environments i.e. QA, Stage, Prod. I am aware about  ACS commons ACL packager but we will mostly likely not have permissions to deploy packages on the higher environments. Can you suggest some possible solutions?

 

Also, can we deploy these permissions as part of code deployment?

 

Thanks

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @krist_wang,

If you want to manage your permissions model as part of the code, you can check below options as an alternative to ACS Commons ACL Packager:

  • AC Tool - this is powerful tool compatible with AEM as a Cloud Service, it provides developer friendly syntax that base on YAML, it also provides mechanism to apply permission automatically, respects run modes any many more
  • Apache Sling Repozitory Initialization - it is much simpler than AC Tool and it is part of AEM OOTB, if your permissions model is not complex, and you don't want 3rd party tools on AEM you can consider that

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hi @krist_wang,

If you want to manage your permissions model as part of the code, you can check below options as an alternative to ACS Commons ACL Packager:

  • AC Tool - this is powerful tool compatible with AEM as a Cloud Service, it provides developer friendly syntax that base on YAML, it also provides mechanism to apply permission automatically, respects run modes any many more
  • Apache Sling Repozitory Initialization - it is much simpler than AC Tool and it is part of AEM OOTB, if your permissions model is not complex, and you don't want 3rd party tools on AEM you can consider that

Avatar

Community Advisor

Hi @krist_wang ,

I agree with @lukasz-m about using the Netcentric AC Tool to manage the user and group permission.

Checkout this migration to AC Tool page https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Migration.md to create the AC permission in the code repo.

Avatar

Community Advisor

We used Apache Sling Repository Initialization for managing permissions across environments. This tooling is provided and recommended by Adobe.

 

The syntax is pretty straightforward once you try some examples. A ton of examples are listed in this documentation for you to get started with:

 

https://sling.apache.org/documentation/bundles/repository-initialization.html#repoinit-parser-test-s... 

 

From my experience,

1. for multiple websites we had just one centralized Repo Init script so that the permissions are all at one place and there are no overlaps and issues of overriding permissions from across multiple Repo Init scripts,

2. avoid making permission changes manually once Repo Init scripts are implemented. This could cause errors in Repo Init scripts, and,

3. test, test, test.

 

Hope this helps!

 

thanks,
Preetpal Singh