Solved

Delete user do not delete rep:policy

Forum|Forum|9 years ago
February 6, 2016
8 replies
5094 views

AEM: 5.6

User has been given folder level permission. I pulled up as 205 nodes. I want to start clean. I deleted user. When I add back user, all permissions are inherited back again. Since we use SAML authentication, I must use same userid.

1. Is there easy way to clean this up?

2. If I delete '.../rep:policy/allow0', '.../rep:policy/deny213' etc. via crx/de, will that cause problem for other users & groups?

I understand that folder level permissions should not be given on a user. But damage is done. I'm cleaning up.

Thank you for running such a helpful forum.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by shubha_kirani

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL

Lokesh_Shivalingaiah

What you will have to do is, for each path, delete the rep:policy for the required 'Principal' else it would affect all the users

shubha_kiraniAuthor

Lokesh,

Thank you for response. When I try to delete as suggested, I get error message 'Node is protected'. I'm logged in under my id, who is part of administrators group.

G

Gokul2011

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

kautuk_sahni

Community Manager

Hi

Please try this:-

//

To delete a rep:policy Node, create a Node elsewhere an call it "delete_me", for example. Then move the rep:policy Node into the "delete_me" Node. Node moves are automatically saved. I have been burned too many time by forgetting to click "Save All" in CRXDE Lite, maybe you have too. Click "Save All" if it makes you feel more comfortable.

Now right click Node "delete_me" and delete the Node. Click "Save All" again. No more rep:policy Node.

you cannot simply delete a rep:policy Node. To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

Reference Link:- http://labs.6dglobal.com/blog/2012-09-26/workflow-launcher-blues/ (kellehmj's comment).

I hope this would help you.

Thanks and Regards

Kautuk Sahni

shubha_kiraniAuthor

To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

That's a brilliant idea. Thank you Kautuk.

What should be the primary type of 'delete_me'? Am I allowed to move deny rules under non- rep:policy node? Will give a try and let you know.

shubha_kiraniAuthor

Kautuk, unfortunately move did not work. Received 409 (conflict) errors. Says node is protected. Logged in as 'admin' id.

I'm trying to move only node 'rep:DenyACE' not entire 'rep:policy'.

shubha_kiraniAuthor

Gokul2011 wrote...

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

@Gokul2011 - yes I'm deleting other users and yes I tried as 'admin' as well.

shubha_kiraniAuthorAccepted solution

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded