Adobe Experience Manager Sites & More

nsvsrk · 3/7/16

Hi,

We are aware that the ACL permissions are stored as Child Nodes of rep:policy of that particular node.

I created a group authgrp and assigned some ACLs, Some of these ACLs are getting stored, while some are not.

Ex: I assigned read permission to group authgrp on the /etc node using useradmin console, but in /etc/rep:policy folder, none of the allow nodes has authgrp as the rep:principalname property.

Could you please explain?

Appreciate your help.

Thanks,

Rama.

Sham_HC · 3/8/16

Rama,

rep:principalname is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

View solution in original post

nsvsrk · 3/8/16

When I package using ACS ACL Packer (selecting principal as authgrp and not selecting includepaths, and installing on another AEM instance, the read permission for authgrp for /etc is missing.

Infact, this is what has prompted me to analyze the JCR only to find that there is no entry in /etc/rep:policy node.

Has anyone faced this?

Thanks,

Rama.

Jitendra_S_Toma · 3/8/16

Honestly didn't get your question. What is the real issue here?.

nsvsrk · 3/8/16

Hi,

1. I created a group authgrp and assigned some privileges, including read permission on /etc. Of course I saved it.

2. When I created a package using ACS ACL Packager and installed on a different AEM instance, this read access on /etc node for this group was not showing.

3. I came back to the first AEM instance and verified whether the ACL info was stored appropriately.

4. Under /etc/rep:policy node, there are some allows and some denys nodes.

5. None of the allows has authgrp as the rep:principalname property. Then I assumed that the ACL was not saved correctly in the first place.

Is it clear now?

Could you please help?

Appreciate your help.

Thanks,

Rama.

smacdonald2008 · 3/8/16

Here is an older KB that may help

https://helpx.adobe.com/experience-manager/kb/ACLsMigration.html

nsvsrk · 3/8/16

In this case, my suspicion is that ACLs are not properly stored in the source AEM, in the first place.

Not sure the way of verifying ACL storage, I explained earlier, is correct.

Once I clear this doubt, I could concentrate on ACL Migration.

Thanks,

Rama.

Sham_HC · 3/8/16

Rama,

rep:principalname is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

Jitendra_S_Toma · 3/8/16

Thanks for explaining your case in details. I understand it.

It could be a bug as @Sham pointed out. However, I would still try with AEM Package manager just to confirm it. I would recommend creating a package in AEM without the help of a tool. And, move ACL Info to another system using this package. let's see whether this is a bug or tool issue.

--Jitendra

nsvsrk · 3/8/16

Hi,

How to use regular Package Manager to pack ACLs?

Let us say it is for /etc.

It it by adding /etc/rep:policy node in the filters?

or /etc/rep:policy/allow node corresponding to the principal? If this is the second case, I do not have an allow node corresponding to the principal.

Thanks,

Rama.

smacdonald2008 · 3/8/16

try /etc/rep:policy node in filters

nsvsrk · 3/29/16

Hi all,

This issue was never resolved.

Some nodes still have rep:policy with appropriate privileges and some do not.

Thanks,

Rama.

Adobe Experience Manager Sites & More

Child Nodes of rep:policy

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe