Adobe Experience Manager Sites & More

shubha_kirani · 2/6/16

AEM: 5.6

User has been given folder level permission. I pulled up as 205 nodes. I want to start clean. I deleted user. When I add back user, all permissions are inherited back again. Since we use SAML authentication, I must use same userid.

1. Is there easy way to clean this up?

2. If I delete '.../rep:policy/allow0', '.../rep:policy/deny213' etc. via crx/de, will that cause problem for other users & groups?

I understand that folder level permissions should not be given on a user. But damage is done. I'm cleaning up.

Thank you for running such a helpful forum.

shubha_kirani · 2/8/16

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL

View solution in original post

Lokesh_Shivalingaiah · 2/6/16

What you will have to do is, for each path, delete the rep:policy for the required 'Principal' else it would affect all the users

shubha_kirani · 2/7/16

Lokesh,

Thank you for response. When I try to delete as suggested, I get error message 'Node is protected'. I'm logged in under my id, who is part of administrators group.

Gokul2011 · 2/7/16

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

kautuk_sahni · 2/7/16

Hi

Please try this:-

//

To delete a rep:policy Node, create a Node elsewhere an call it "delete_me", for example. Then move the rep:policy Node into the "delete_me" Node. Node moves are automatically saved. I have been burned too many time by forgetting to click "Save All" in CRXDE Lite, maybe you have too. Click "Save All" if it makes you feel more comfortable.

Now right click Node "delete_me" and delete the Node. Click "Save All" again. No more rep:policy Node.

you cannot simply delete a rep:policy Node. To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

Reference Link:- http://labs.6dglobal.com/blog/2012-09-26/workflow-launcher-blues/ (kellehmj's comment).

I hope this would help you.

Thanks and Regards

Kautuk Sahni

shubha_kirani · 2/7/16

To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

That's a brilliant idea. Thank you Kautuk.

What should be the primary type of 'delete_me'? Am I allowed to move deny rules under non- rep:policy node? Will give a try and let you know.

shubha_kirani · 2/8/16

Kautuk, unfortunately move did not work. Received 409 (conflict) errors. Says node is protected. Logged in as 'admin' id.

I'm trying to move only node 'rep:DenyACE' not entire 'rep:policy'.

shubha_kirani · 2/8/16

Gokul2011 wrote...

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

@Gokul2011 - yes I'm deleting other users and yes I tried as 'admin' as well.

shubha_kirani · 2/8/16

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL

Adobe Experience Manager Sites & More

Delete user do not delete rep:policy

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe