Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Delete user do not delete rep:policy

Avatar

Level 2

AEM: 5.6

User has been given folder level permission. I pulled up as 205 nodes. I want to start clean. I deleted user. When I add back user, all permissions are inherited back again. Since we use SAML authentication, I must use same userid. 

1. Is there easy way to clean this up?

2. If I delete '.../rep:policy/allow0', '.../rep:policy/deny213' etc. via crx/de, will that cause problem for other users & groups? 

I understand that folder level permissions should not be given on a user. But damage is done. I'm cleaning up. 

Thank you for running such a helpful forum.

1 Accepted Solution

Avatar

Correct answer by
Level 2

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL

View solution in original post

0 Replies

Avatar

Community Advisor

What you will have to do is, for each path, delete the rep:policy for the required 'Principal' else it would affect all the users

Avatar

Level 2

Lokesh,

Thank you for response. When I try to delete as suggested, I get error message 'Node is protected'. I'm logged in under my id, who is part of administrators group.

Avatar

Level 6

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

Avatar

Administrator

Hi 

Please try this:- 

//

To delete a rep:policy Node, create a Node elsewhere an call it "delete_me", for example. Then move the rep:policy Node into the "delete_me" Node. Node moves are automatically saved. I have been burned too many time by forgetting to click "Save All" in CRXDE Lite, maybe you have too. Click "Save All" if it makes you feel more comfortable.

Now right click Node "delete_me" and delete the Node. Click "Save All" again. No more rep:policy Node.

you cannot simply delete a rep:policy Node. To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

Reference Link:- http://labs.6dglobal.com/blog/2012-09-26/workflow-launcher-blues/  (kellehmj's comment).

I hope this would help you.

 

Thanks and Regards

Kautuk Sahni

Avatar

Level 2
To delete the Node, create a regular Node somewhere - lets call it "delete_me". Now move the rep:policy Node under "delete_me". Now delete "delete_me".

 

That's a brilliant idea. Thank you Kautuk. 

What should be the primary type of 'delete_me'? Am I allowed to move deny rules under non- rep:policy node? Will give a try and let you know. 

Avatar

Level 2

Kautuk, unfortunately move did not work. Received 409 (conflict) errors. Says node is protected. Logged in as 'admin' id.

I'm trying to move only node 'rep:DenyACE' not entire 'rep:policy'.

Avatar

Level 2

Gokul2011 wrote...

Hi Lokesh,

From your id , are you deleting some other users.?

Do you tried accessing through admin login?

 

@Gokul2011 - yes I'm deleting other users and yes I tried as 'admin' as well.

Avatar

Correct answer by
Level 2

Finally received response from daycare. Below is the process they suggested:

Use CRX explore: http://localhost:4504/crx/explorer/index.jsp

Click Content Explore -> Security -> Access Control Editor.

This tool will allow you to remove ACL from a node.

Keep in mind, OOTB you cannot remove ALL users ACL