Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Child Nodes of rep:policy

Avatar

Level 7

Hi,

We are aware that the ACL permissions are stored as Child Nodes of rep:policy of that particular node.

I created a group authgrp and assigned some ACLs, Some of these ACLs are getting stored, while some are not.

Ex: I assigned read permission to group authgrp on the /etc node using useradmin console, but in /etc/rep:policy folder, none of the allow nodes has authgrp as the rep:principalname property.

Could you please explain?

Appreciate your help.

Thanks,

Rama.

1 Accepted Solution

Avatar

Correct answer by
Level 10

Rama,

rep:principalname  is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

View solution in original post

10 Replies

Avatar

Level 7

When I package using ACS ACL Packer (selecting principal as authgrp and not selecting includepaths, and installing on another AEM instance, the read permission for authgrp for /etc is missing.

Infact, this is what has prompted me to analyze the JCR only to find that there is no entry in /etc/rep:policy node.

Has anyone faced this?

Thanks,

Rama.

Avatar

Level 9

Honestly didn't get your question. What is the real issue here?.

Avatar

Level 7

Hi,

1. I created a group authgrp and assigned some privileges, including read permission on /etc. Of course I saved it.

2. When I created a package using ACS ACL Packager and installed on a different AEM instance, this read access on /etc node for this group was not showing.

3. I came back to the first AEM instance and verified whether the ACL info was stored appropriately.

4. Under /etc/rep:policy node, there are some allows and some denys nodes.

5. None of the allows has authgrp as the rep:principalname property. Then I assumed that the ACL was not saved correctly in the first place.

Is it clear now?

Could you please help?

Appreciate your help.

Thanks,

Rama.

Avatar

Level 7

In this case, my suspicion is that ACLs are not properly stored in the source AEM, in the first place.

Not sure the way of verifying ACL storage, I explained earlier, is correct.

Once I clear this doubt, I could concentrate on ACL Migration.

Thanks,

Rama.

Avatar

Correct answer by
Level 10

Rama,

rep:principalname  is mandatory & missing it sounds suspicious or a bug. File a support case.

Thanks,

Avatar

Level 9

Thanks for explaining your case in details. I understand it.

It could be a bug as @Sham pointed out. However, I would still try with AEM Package manager just to confirm it. I would recommend creating a package in AEM without the help of a tool. And, move ACL Info to another system using this package. let's see whether this is a bug or tool issue.

--Jitendra

Avatar

Level 7

Hi,

How to use regular Package Manager to pack ACLs?

Let us say it is for /etc.

It it by adding /etc/rep:policy node in the filters?

or  /etc/rep:policy/allow node corresponding to the principal? If this is the second case, I do not have an allow node corresponding to the principal.

Thanks,

Rama.

Avatar

Level 10

try  /etc/rep:policy node in filters

Avatar

Level 7

Hi all,

This issue was never resolved.

Some nodes still have rep:policy with appropriate privileges and some do not.

Thanks,

Rama.