Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

How to delete ACL entries which are related to a group?

Avatar

Level 3

I want to delete some groups. - All related entries in the Access Control Lists (ACLs) of all pages should also be deleted. 

Is there a way to automatically delete all references (ACL entries) to these groups while deleting the groups? 

8 Replies

Avatar

Community Advisor

Hi @software_engineer ,

In AEM after deleting user groups, those related entries rep:policy nodes remain intact.

This is how the ACL's implementation works in CRX.

To fix that prior to deleting a group you could clear its whole accesses - probably by deleting the proper entries lying under any rep:policy. There is no easy (automatic way) to do that. just code, it should be quite easy though to find any descendant of any rep:policy that has your group name within it.

Regards,

Santosh

Avatar

Level 3

Hi @SantoshSai , 

I should have mentioned in my question that I have already read the question and answer which had been posted on Stack Overflow over 5 years ago and copied by you:

https://stackoverflow.com/questions/38669003/aem-after-deleting-user-groups-reppolicy-nodes-remain-i...

Was it maybe your question or answer on Stack Overflow? Is it still up-to-date (in case of the latest AEM 6.5 on-premise version)? 

Avatar

Community Advisor

Hi,

If you set the permission manually then it is hard to remove but if you are using AC Tool, then it does work for you.

Ref : https://github.com/Netcentric/accesscontroltool 

 



Arun Patidar

Avatar

Level 3

Hi @arunpatidar , 

Thank you for your reply. I will read about this tool. We are currently not using it, but I will analyse if it's something useful for us. 

Avatar

Level 3

Hi @arunpatidar , 

I have read about the AC Tool and how it can be used.

We didn't create the groups manually, but programmatically. However, we didn't use the AC Tool in order to create the groups. Therefore, as far as I understood, we cannot use the AC Tool in order to delete the existing groups, can we? 

It's good to know that the AC Tool exists, but as far as I understood, it doesn't solve my current problem. 

Avatar

Level 3

Hi @arunpatidar , 

I read now the information under the link which you provided and it looks like in this way I can delete any group, but will it also delete all related entries (references to that group) in the Access Control Lists (ACLs) of all pages? Because deleting only a group is simple programatically. My main question is how to delete the related entries in ACLs of pages in an automatic way, when I delete a group. 

Avatar

Community Advisor

Yes, It will delete ACL from rep:policy as well as user/group.



Arun Patidar