Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Anonymous havn't access to cloud service under /etc

Avatar

Level 1

Hi all, i got an issue with cloud services. on AEM 6.4
I have created the google-analytics cloud service under Generic Analytics Snippet.

And all works fine on all instances if:

1) I'm still logged in(admin admin)

2) if  give an access to anonymous user in /useradmin to read /etc/cloudservices/generic-tracker/google-analytics


But here comes the problem, if i haven't logged in, on publish there is no google-assistant inside the div class="cloudservice generictracker" it is empty at all.

For dispatcher there is only 1 way that i found -> give access to anonymous user(2).

Is that even correct that cloud services needs that accesses?

How could i do it more clearly, instead of abusing anonymous access rights?

P.S. i configured all with thoose guides Analytics with External Providers

<div data-sly-resource="${'cloudservices' @ resourceType='cq/cloudserviceconfigs/components/servicecomponents'}" data-sly-unwrap></div> added in body

<sly data-sly-include="/libs/cq/cloudserviceconfigs/components/servicelibs/servicelibs.jsp" /> added in head

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

By default, the anonymous user has read access on the following folders which includes some of the cloud services. Based on the third party services you are using, you need to provide the read access. This is not a security vulnerability.

Screen Shot 2019-08-08 at 11.35.42 AM.png

View solution in original post

3 Replies

Avatar

Correct answer by
Employee Advisor

By default, the anonymous user has read access on the following folders which includes some of the cloud services. Based on the third party services you are using, you need to provide the read access. This is not a security vulnerability.

Screen Shot 2019-08-08 at 11.35.42 AM.png

Avatar

Level 1

So if i understand right, i should give the permission to read my google-analytics cloud to 'everyone' user-group not only 'anonymous' user?
1809983_pastedImage_0.png

Avatar

Employee Advisor

Just give the read permissions for anonymous user, which is the user used by the publish instance to load the content.

That said, Please do not change the "everyone" user access as it resets every time after the restart.