Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

How to delete ACL entries which are related to a group?

Avatar

Level 3

I want to delete some groups. - All related entries in the Access Control Lists (ACLs) of all pages should also be deleted. 

Is there a way to automatically delete all references (ACL entries) to these groups while deleting the groups? 

0 Replies

Avatar

Community Advisor

Hi @software_engineer ,

In AEM after deleting user groups, those related entries rep:policy nodes remain intact.

This is how the ACL's implementation works in CRX.

To fix that prior to deleting a group you could clear its whole accesses - probably by deleting the proper entries lying under any rep:policy. There is no easy (automatic way) to do that. just code, it should be quite easy though to find any descendant of any rep:policy that has your group name within it.

Regards,

Santosh

Avatar

Level 3

Hi @SantoshSai , 

I should have mentioned in my question that I have already read the question and answer which had been posted on Stack Overflow over 5 years ago and copied by you:

https://stackoverflow.com/questions/38669003/aem-after-deleting-user-groups-reppolicy-nodes-remain-i...

Was it maybe your question or answer on Stack Overflow? Is it still up-to-date (in case of the latest AEM 6.5 on-premise version)? 

Avatar

Community Advisor

Hi,

If you set the permission manually then it is hard to remove but if you are using AC Tool, then it does work for you.

Ref : https://github.com/Netcentric/accesscontroltool 

 

Avatar

Level 3

Hi @arunpatidar , 

Thank you for your reply. I will read about this tool. We are currently not using it, but I will analyse if it's something useful for us. 

Avatar

Level 3

Hi @arunpatidar , 

I have read about the AC Tool and how it can be used.

We didn't create the groups manually, but programmatically. However, we didn't use the AC Tool in order to create the groups. Therefore, as far as I understood, we cannot use the AC Tool in order to delete the existing groups, can we? 

It's good to know that the AC Tool exists, but as far as I understood, it doesn't solve my current problem. 

Avatar

Level 3

Hi @arunpatidar , 

I read now the information under the link which you provided and it looks like in this way I can delete any group, but will it also delete all related entries (references to that group) in the Access Control Lists (ACLs) of all pages? Because deleting only a group is simple programatically. My main question is how to delete the related entries in ACLs of pages in an automatic way, when I delete a group.