AEM 6.4 Anonymous user _ everyone group _ access rights issue



Hi AEM Community,

We are facing a very typical issue. On our AEM 6.4 publish instances.

Content pages stop loading abruptly. While investigating further over the issue we come to know, anonymous users permissions are vanished.

We restored them manually. Again in sometime (@20 to 40 hrs)  we are seeing similar issue and looking further seeing somehow 'everyone' group's access rights are compromised (are removed somehow).

On strange note - this issue is happening frequently on random Publish server (we have 4 publish serves in a topology in 2 different zones globally - US & EU D.C.)

This issue is preventing us to cutover from AEM 6.2 to 6.4

Has anyone come across such issue ?

Accepted Solutions (1)

Accepted Solutions (1)



Seems Adobe Product team has recognized the issue and ported fix for it, into SP2. We are going to apply and further verify for same.

However sharing it's details here too - it may be helpful for other over AEM forum/community.

AEM Release Notes  ( URL - ttps://  )

- Remove default MERGE_PRESERVE aclHandling. NPR-24593: Hotfix for Granite-21889

Answers (4)

Answers (4)



Thanks for your inputs & efforts to look into this.

Certainly with our Adobe account channel we are in communication with Product support, now, to get appropriate fix for the issue.



I talked to customer support about this. They saw this behaviour in older version. They asked you to open a support ticket as you may need to get a hotfix for this issue. 



While doing more checking from our end - we could find a below scenario

1) We choose a random user


2) replicate it from Author

3) Check replication log (on USPubx)

Replication successful.

4)load the CRX DE for anonymous users (on USPubx)

CRX DE is showing only / (root) path but not other paths.

5)Now, restart the AEM 6.4 (USPubx) instance.

Restart brings back the anoymous user read permissions but also adds /home path.








The /home also exposes

/home/groups and


along with all child nodes.

That's the matter of concern from security stand point.