Child Nodes of rep:policy | Community
Skip to main content
N
nsvsrk
Level 8
March 8, 2016
Solved

Child Nodes of rep:policy

  • March 8, 2016
  • 10 replies
  • 5090 views

Hi,

We are aware that the ACL permissions are stored as Child Nodes of rep:policy of that particular node.

I created a group authgrp and assigned some ACLs, Some of these ACLs are getting stored, while some are not.

Ex: I assigned read permission to group authgrp on the /etc node using useradmin console, but in /etc/rep:policy folder, none of the allow nodes has authgrp as the rep:principalname property.

Could you please explain?

Appreciate your help.

Thanks,

Rama.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

Rama,

rep:principalname  is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

10 replies

N
nsvsrkAuthor
Level 8
March 8, 2016

When I package using ACS ACL Packer (selecting principal as authgrp and not selecting includepaths, and installing on another AEM instance, the read permission for authgrp for /etc is missing.

Infact, this is what has prompted me to analyze the JCR only to find that there is no entry in /etc/rep:policy node.

Has anyone faced this?

Thanks,

Rama.

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
March 8, 2016

Honestly didn't get your question. What is the real issue here?.

N
nsvsrkAuthor
Level 8
March 8, 2016

Hi,

1. I created a group authgrp and assigned some privileges, including read permission on /etc. Of course I saved it.

2. When I created a package using ACS ACL Packager and installed on a different AEM instance, this read access on /etc node for this group was not showing.

3. I came back to the first AEM instance and verified whether the ACL info was stored appropriately.

4. Under /etc/rep:policy node, there are some allows and some denys nodes.

5. None of the allows has authgrp as the rep:principalname property. Then I assumed that the ACL was not saved correctly in the first place.

Is it clear now?

Could you please help?

Appreciate your help.

Thanks,

Rama.

smacdonald2008
smacdonald2008
Level 10
March 8, 2016

Here is an older KB that may help

https://helpx.adobe.com/experience-manager/kb/ACLsMigration.html

N
nsvsrkAuthor
Level 8
March 8, 2016

In this case, my suspicion is that ACLs are not properly stored in the source AEM, in the first place.

Not sure the way of verifying ACL storage, I explained earlier, is correct.

Once I clear this doubt, I could concentrate on ACL Migration.

Thanks,

Rama.

Sham_HC
Sham_HCAccepted solution
Level 10
March 8, 2016

Rama,

rep:principalname  is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
March 8, 2016

Thanks for explaining your case in details. I understand it.

It could be a bug as @Sham pointed out. However, I would still try with AEM Package manager just to confirm it. I would recommend creating a package in AEM without the help of a tool. And, move ACL Info to another system using this package. let's see whether this is a bug or tool issue.

--Jitendra

N
nsvsrkAuthor
Level 8
March 8, 2016

Hi,

How to use regular Package Manager to pack ACLs?

Let us say it is for /etc.

It it by adding /etc/rep:policy node in the filters?

or  /etc/rep:policy/allow node corresponding to the principal? If this is the second case, I do not have an allow node corresponding to the principal.

Thanks,

Rama.

smacdonald2008
smacdonald2008
Level 10
March 8, 2016

try  /etc/rep:policy node in filters

N
nsvsrkAuthor
Level 8
March 29, 2016

Hi all,

This issue was never resolved.

Some nodes still have rep:policy with appropriate privileges and some do not.

Thanks,

Rama.

Terms & ConditionsAccessibility statement

Loading footer...