SOLVED
Console Error - Principle-Based Access Control Setup
Hi All,
I have an issue with the below warning log -
25.11.2022 01:32:19.770 [cm-pxyzabc-eabcxyz-aem-publish-zzzz68f69-hp6ff] *WARN* [20.59.3.67 [1669339939629] GET /content/brandA/us/en/home.html HTTP/1.1] com.adobe.granite.repository.impl.SystemPrincipalsValidation Refactor principal 'custom-system-user' to have principal-based access control setup.
The system user is defined in the JSON file (.cfg.json) as below -
The permissions for the system user (ACE and User) are picked from yml file defined as below -
How should I refactor the service user and mapping to use principle name and principle-based authorization ?
@arunpatidar, @markus_bulla_adobe, @B_Sravan, @kautuk_sahni
Thanks,
Rohan Garg
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
1 Accepted Solution
Correct answer by
As per sling documentation (https://sling.apache.org/documentation/the-sling-engine/service-authentication.html) -
The below is the principle based mapping which is what we are already using -
<service-name>[:<subservice-name>]="["<principal name of a JCR system user>{","<principal name of a JCR system user>}"]"
Correct answer by
As per sling documentation (https://sling.apache.org/documentation/the-sling-engine/service-authentication.html) -
The below is the principle based mapping which is what we are already using -
<service-name>[:<subservice-name>]="["<principal name of a JCR system user>{","<principal name of a JCR system user>}"]"
Can you try to setup user with name as well?
Example
- al-oneweb-service-write-user:
- isMemberOf:
isSystemUser: true
name: al-oneweb-service-write-user
path: /home/users/system/aemlab/oneweb
Arun Patidar
@arunpatidar - Thanks for the quick reply, unfortunately still getting the same result!
Also one observation, the issue is seen only on our STAGE environment and not DEV environment.
The console warning related to this service user is not there on DEV.
Both the environments are using the same version of AEM - 2022.9.8722.20220912T101352Z
|
AEM RELEASE: 2022.9.8722.20220912T101352Z
|
did you deploy the changes in STAGE?
or the observation without the changes?
check this also https://github.com/Netcentric/accesscontroltool/issues/563
Arun Patidar
@arunpatidar - Apologies for the delay in response.
The changes were first deployed on DEV and then STAGE.
Both are getting the warning as seen below -
Line 26316: 29.11.2022 02:16:23.711 [cm-pyyyzzz-ezzzyyy-aem-publish-867777bc68-tssdm] *WARN* [74.78.55.185 [1669688183373] GET /content/brandA/us/en/home.html HTTP/1.1] com.adobe.granite.repository.impl.SystemPrincipalsValidation Refactor principal 'custom-system-user' to have principal-based access control setup
I double checked logs from previous days, my earlier observation that warning occurred in DEV and not STAGE was wrong.
For today here's the stats - Post deployment at 7.30 am GMT, the warnings came up again at 11 am.
