Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

AEM as a cloud - ACL Permissions Deployment

Avatar

Level 1
Level 1
6/1/21 11:00:35 AM

Hi Team,

 

We are using AEM as a cloud service and wanted to know the best practices for migrating user permissions to higher AEM environments i.e. QA, Stage, Prod. I am aware about  ACS commons ACL packager but we will mostly likely not have permissions to deploy packages on the higher environments. Can you suggest some possible solutions?

 

Also, can we deploy these permissions as part of code deployment?

 

Thanks,

Manpreet

Views

3.1K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/2/21 1:26:48 AM

Hi @Manpreetkaur908!

Please have a look at Netcentrics ACL Tool [1]. With that approach, you can define your permission setup in YAML syntax and deploy it consistently across your environments along with your code deployments. It is a general recommendation I make to all my customers in all my projects. Also it is Cloud Service compatible.

 

Quoting from the GitHub readme:

The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complex Access Control Lists in AEM. Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. See Comparison to other approches for a comprehensive overview.

Features:

  • easy-to-read Yaml configuration file format
  • run mode support
  • automatic installation with install hook
  • cleans obsolete ACL entries when configuration is changed
  • ACLs can be exported
  • stores history of changes
  • ensured order of ACLs
  • built-in expression language to reduce rule duplication

Hope that helps!

 

[1] https://github.com/Netcentric/accesscontroltool

View solution in original post

Views

3.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/2/21 1:26:48 AM

Hi @Manpreetkaur908!

Please have a look at Netcentrics ACL Tool [1]. With that approach, you can define your permission setup in YAML syntax and deploy it consistently across your environments along with your code deployments. It is a general recommendation I make to all my customers in all my projects. Also it is Cloud Service compatible.

 

Quoting from the GitHub readme:

The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complex Access Control Lists in AEM. Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. See Comparison to other approches for a comprehensive overview.

Features:

  • easy-to-read Yaml configuration file format
  • run mode support
  • automatic installation with install hook
  • cleans obsolete ACL entries when configuration is changed
  • ACLs can be exported
  • stores history of changes
  • ensured order of ACLs
  • built-in expression language to reduce rule duplication

Hope that helps!

 

[1] https://github.com/Netcentric/accesscontroltool

Views

3.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
4/26/22 4:01:58 PM
In response to markus_bulla_adobe

hi Markus, i have an issue where if my acl is in a separate module, on the cloud manager it doesnt install my acl module it did install the acl tool

 

i inspect the build logs doesnt seem to show any error

on my local aem sdk it works fine, as in it deployes ui apps, ui content and also the acl module

Views

2.5K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
4/27/22 1:51:49 AM
In response to icegoffy

Hi @icegoffy!

It's a bit hard to give advice without additional background and being able to analyze the issue.

My suggestion would be:

  • Have you checked the AC Tools UI to see if your YML definition files are actually picked up and if there is any additional information?
  • Are your AC definitions covering immutable/read-only areas in the repository? In that case, you might have to convert them to RepoInit statements (see this thread).
  • You are mentioning the module structure of your project. Maybe the installation order of your modules leads to AC definitions not being picked up because they are installed before the AC Tool is installed/functional on the instance?

 

Hope that helps!

Views

2.5K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
5/8/22 10:19:48 PM
In response to markus_bulla_adobe

i got it working now, it was due to my permissions module be set to cloudManagerTarget as none, which results in the permission module not being deployed!

 

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate