Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

How to allow/deny access to a libs path in aem as a cloud

Avatar

Level 3

I am trying to deny access on a libs path (/libs/cq/core/content/nav/tools/security) using the repoinit and it's working fine on the local SDK but failing the pipeline on the cloud. Any recommendation on how to fix it?

 

Use case : "test-demo" Group is created in admin console and synced to AEM so group already exists in AEM.

The below code is adding to "org.apache.sling.jcr.repoinit.RepositoryInitializer~projectName.cfg.json" :

{
"scripts":[
"set ACL on /libs/cq/core/content/nav/tools/security\r\n deny jcr:read for \"test-demo\"\r\nend"
]
}
 
It works fine on my local but failing a pipeline on cloud. Any recommendations?
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @ReddyIshanvi 

 

Below one workes. Make sure that the spaces and characters are replaced with encoded format

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
scripts="[set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /var&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\ on /&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /etc&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /etc&#xa; end]"/>

 

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hi @ReddyIshanvi 

 

Below one workes. Make sure that the spaces and characters are replaced with encoded format

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
scripts="[set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /var&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\ on /&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /etc&#xa; end, set ACL for content-writer-service&#xa; allow jcr:read\,rep:write\,jcr:versionManagement\, jcr:modifyAccessControl\,jcr:readAccessControl\,jcr:lockManagement on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /content&#xa; end, set ACL for content-reader-service&#xa; allow jcr:read\ on /etc&#xa; end]"/>

 

Avatar

Community Advisor

Create file in ui.config folder:

scripts=["
# These paths must exist otherwise the following ACL applicaiton will fail, resulting in err'ing build
create path /libs/cq/core/content/nav/tools/security
# Create a group
create group test-demo
set ACL for test-demo
deny jcr:read on /libs/cq/core/content/nav/tools/security

end
"]

Avatar

Community Advisor

Can you please share the error of pipeline failure ?