Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Anonymous havn't access to cloud service under /etc

germanf88334862
Level 1
Level 1

Hi all, i got an issue with cloud services. on AEM 6.4
I have created the google-analytics cloud service under Generic Analytics Snippet.

And all works fine on all instances if:

1) I'm still logged in(admin admin)

2) if  give an access to anonymous user in /useradmin to read /etc/cloudservices/generic-tracker/google-analytics


But here comes the problem, if i haven't logged in, on publish there is no google-assistant inside the div class="cloudservice generictracker" it is empty at all.

For dispatcher there is only 1 way that i found -> give access to anonymous user(2).

Is that even correct that cloud services needs that accesses?

How could i do it more clearly, instead of abusing anonymous access rights?

P.S. i configured all with thoose guides Analytics with External Providers

<div data-sly-resource="${'cloudservices' @ resourceType='cq/cloudserviceconfigs/components/servicecomponents'}" data-sly-unwrap></div> added in body

<sly data-sly-include="/libs/cq/cloudserviceconfigs/components/servicelibs/servicelibs.jsp" /> added in head

1 Accepted Solution
jbrar
Correct answer by
Employee
Employee

By default, the anonymous user has read access on the following folders which includes some of the cloud services. Based on the third party services you are using, you need to provide the read access. This is not a security vulnerability.

Screen Shot 2019-08-08 at 11.35.42 AM.png

View solution in original post

0 Replies
jbrar
Correct answer by
Employee
Employee

By default, the anonymous user has read access on the following folders which includes some of the cloud services. Based on the third party services you are using, you need to provide the read access. This is not a security vulnerability.

Screen Shot 2019-08-08 at 11.35.42 AM.png

View solution in original post

germanf88334862
Level 1
Level 1

So if i understand right, i should give the permission to read my google-analytics cloud to 'everyone' user-group not only 'anonymous' user?
1809983_pastedImage_0.png

jbrar
Employee
Employee

Just give the read permissions for anonymous user, which is the user used by the publish instance to load the content.

That said, Please do not change the "everyone" user access as it resets every time after the restart.