AEM 6.5 - Adding JCR access policy NOT CUG



I got stuck on CUG and this is NOT what I am looking for. 


We require to add jcr:write access for a single user to a new node that we create also through code.  All I can find is code examples prior 6.3 change to CUG, but these are no longer working


How can we still use AccessControlList.addEntry(principal, privileges, true) in AEM 6.5 or is this no longer allowed and should we user CUG?


(I understand this only is used to grant Read access to nodes)


Accepted Solutions (1)

Accepted Solutions (1)




Hi @Eric_Stricker,

Use AccessControlList.addAccessControlEntry(principal, privileges) followed by setPolicy using AccessControlManager API.

Code snippet:

try {
	Authorizable authorizable = userMgr.getAuthorizable(userIdStr); 
	Principal userPrincipal = authorizable.getPrincipal();	// prinicipal object from user/group id	
	Privilege[] writePrivileges = new Privilege[] { acmMgr.privilegeFromName(Privilege.JCR_WRITE) };   // JCR_WRITE privilege object		
	AccessControlPolicyIterator itr = acmMgr.getApplicablePolicies(pageNode.getPath());   // pageNode -> node for which we are trying to set policy
	while (itr.hasNext()) {				
		AccessControlPolicy policy = itr.nextAccessControlPolicy();
		if (policy instanceof AccessControlList) {					
			AccessControlList acl = (AccessControlList) policy;
			acl.addAccessControlEntry(userPrincipal, writePrivileges); // creates ACE 
			acmMgr.setPolicy(pageNode.getPath(), acl); // adds ACL to the desired node
catch (RepositoryException e) {
	LOG.error("Repository Exception={}", e.getMessage());


Answers (0)