SOLVED

How to allow/deny access to a libs path in aem as a cloud

I am trying to deny access on a libs path (/libs/cq/core/content/nav/tools/security) using the repoinit and it's working fine on the local SDK but failing the pipeline on the cloud. Any recommendation on how to fix it?

 

Use case : "test-demo" Group is created in admin console and synced to AEM so group already exists in AEM.

The below code is added to "org.apache.sling.jcr.repoinit.RepositoryInitializer~projectName.cfg.json":

{
"scripts":[
"set ACL on /libs/cq/core/content/nav/tools/security\r\n deny jcr:read for \"test-demo\"\r\nend"
]
}
 
It works fine on my local but is failing a pipeline on cloud. Any recommendations?

1 Accepted Solution

Correct answer by
Community Advisor

Hi @ReddyIshanvi 

 

Below one works. Make sure that the spaces and characters are replaced with encoded format.

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
scripts="[set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /var&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\ on /&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /etc&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /etc&#xa; end]"/>
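
The encoding the accepted answer describes (line breaks written as `&#xa;`, commas inside a statement written as `\,`), shown as an added Python example that is not part of the original thread. The helper names and the privilege list in the second sample rule are constructed for illustration, and the backslash-doubling step is an assumption about the array format.

```python
import json
from xml.sax.saxutils import escape

# Constructed sample: the deny rule from the replies, as plain repoinit text.
DENY_SECURITY_NAV = """set ACL for test-demo
    deny jcr:read on /libs/cq/core/content/nav/tools/security
end"""

# Constructed sample with a privilege list, to show comma escaping.
READER = """set ACL for content-reader-service
    allow jcr:read,jcr:readAccessControl on /content
end"""


def docview_value(script: str) -> str:
    """Encode one repoinit script as one element of the scripts="[...]" array."""
    # Assumption: a backslash is doubled so it is not read as an escape.
    # A comma is escaped because a bare comma separates array elements.
    value = script.replace("\\", "\\\\").replace(",", "\\,")
    # XML-escape markup characters and the quote that delimits the attribute.
    value = escape(value, {'"': "&quot;"})
    # XML parsers turn a literal newline inside an attribute into a space,
    # so line breaks are written as character references instead.
    return value.replace("\r\n", "\n").replace("\n", "&#xa;")


def osgi_config_xml(scripts: list[str]) -> str:
    """Render a sling:OsgiConfig node in the shape used by the accepted answer."""
    encoded = ",".join(docview_value(s) for s in scripts)
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" '
        'xmlns:jcr="http://www.jcp.org/jcr/1.0"\n'
        '    jcr:primaryType="sling:OsgiConfig"\n'
        f'    scripts="[{encoded}]"/>\n'
    )


def cfg_json(scripts: list[str]) -> str:
    """Render the same scripts for a .cfg.json file; json.dumps escapes newlines."""
    return json.dumps({"scripts": scripts}, indent=2)


if __name__ == "__main__":
    print(osgi_config_xml([DENY_SECURITY_NAV, READER]))
    print(cfg_json([DENY_SECURITY_NAV, READER]))
```

Parsing the generated XML and reading the `scripts` attribute back should show real line breaks between `set ACL`, the rule line and `end`, which is a quick check before committing the file.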

 


3 Replies

Community Advisor

Create file in ui.config folder:

scripts=["
# These paths must exist otherwise the following ACL application will fail, resulting in err'ing build
create path /libs/cq/core/content/nav/tools/security
# Create a group
create group test-demo
set ACL for test-demo
deny jcr:read on /libs/cq/core/content/nav/tools/security

end
"]

Community Advisor

Can you please share the error of pipeline failure?