Hi,
We are aware that the ACL permissions are stored as Child Nodes of rep:policy of that particular node.
I created a group authgrp and assigned some ACLs, Some of these ACLs are getting stored, while some are not.
Ex: I assigned read permission to group authgrp on the /etc node using useradmin console, but in /etc/rep:policy folder, none of the allow nodes has authgrp as the rep:principalname property.
Could you please explain?
Appreciate your help.
Thanks,
Rama.
Solved! Go to Solution.
Views
Replies
Total Likes
Rama,
rep:principalname is mandatory & missing it sounds suspicious or a bug. File a support case.
Thanks,
Views
Replies
Total Likes
When I package using ACS ACL Packer (selecting principal as authgrp and not selecting includepaths, and installing on another AEM instance, the read permission for authgrp for /etc is missing.
Infact, this is what has prompted me to analyze the JCR only to find that there is no entry in /etc/rep:policy node.
Has anyone faced this?
Thanks,
Rama.
Views
Replies
Total Likes
Honestly didn't get your question. What is the real issue here?.
Views
Replies
Total Likes
Hi,
1. I created a group authgrp and assigned some privileges, including read permission on /etc. Of course I saved it.
2. When I created a package using ACS ACL Packager and installed on a different AEM instance, this read access on /etc node for this group was not showing.
3. I came back to the first AEM instance and verified whether the ACL info was stored appropriately.
4. Under /etc/rep:policy node, there are some allows and some denys nodes.
5. None of the allows has authgrp as the rep:principalname property. Then I assumed that the ACL was not saved correctly in the first place.
Is it clear now?
Could you please help?
Appreciate your help.
Thanks,
Rama.
Views
Replies
Total Likes
Here is an older KB that may help
https://helpx.adobe.com/experience-manager/kb/ACLsMigration.html
Views
Replies
Total Likes
In this case, my suspicion is that ACLs are not properly stored in the source AEM, in the first place.
Not sure the way of verifying ACL storage, I explained earlier, is correct.
Once I clear this doubt, I could concentrate on ACL Migration.
Thanks,
Rama.
Views
Replies
Total Likes
Rama,
rep:principalname is mandatory & missing it sounds suspicious or a bug. File a support case.
Thanks,
Views
Replies
Total Likes
Thanks for explaining your case in details. I understand it.
It could be a bug as @Sham pointed out. However, I would still try with AEM Package manager just to confirm it. I would recommend creating a package in AEM without the help of a tool. And, move ACL Info to another system using this package. let's see whether this is a bug or tool issue.
--Jitendra
Views
Replies
Total Likes
Hi,
How to use regular Package Manager to pack ACLs?
Let us say it is for /etc.
It it by adding /etc/rep:policy node in the filters?
or /etc/rep:policy/allow node corresponding to the principal? If this is the second case, I do not have an allow node corresponding to the principal.
Thanks,
Rama.
Views
Replies
Total Likes
try /etc/rep:policy node in filters
Views
Replies
Total Likes
Hi all,
This issue was never resolved.
Some nodes still have rep:policy with appropriate privileges and some do not.
Thanks,
Rama.
Views
Replies
Total Likes
Views
Likes
Replies