How to delete ACL entries which are related to a group? | Community
Skip to main content
S
software_engineer
Level 3
June 10, 2022

How to delete ACL entries which are related to a group?

  • June 10, 2022
  • 2 replies
  • 3463 views

I want to delete some groups. - All related entries in the Access Control Lists (ACLs) of all pages should also be deleted. 

Is there a way to automatically delete all references (ACL entries) to these groups while deleting the groups? 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

SantoshSai
Community Advisor
SantoshSaiCommunity Advisor
Community Advisor
June 10, 2022

Hi @software_engineer ,

In AEM after deleting user groups, those related entries rep:policy nodes remain intact.

This is how the ACL's implementation works in CRX.

To fix that prior to deleting a group you could clear its whole accesses - probably by deleting the proper entries lying under any rep:policy. There is no easy (automatic way) to do that. just code, it should be quite easy though to find any descendant of any rep:policy that has your group name within it.

Regards,

Santosh

Santosh Sai
    S
    software_engineerAuthor
    Level 3
    June 14, 2022

    Hi @santoshsai , 

    I should have mentioned in my question that I have already read the question and answer which had been posted on Stack Overflow over 5 years ago and copied by you:

    https://stackoverflow.com/questions/38669003/aem-after-deleting-user-groups-reppolicy-nodes-remain-intact

    Was it maybe your question or answer on Stack Overflow? Is it still up-to-date (in case of the latest AEM 6.5 on-premise version)? 

      arunpatidar
      Community Advisor
      arunpatidarCommunity Advisor
      Community Advisor
      June 10, 2022

      Hi,

      If you set the permission manually then it is hard to remove but if you are using AC Tool, then it does work for you.

      Ref : https://github.com/Netcentric/accesscontroltool 

       

      Arun Patidar
        S
        software_engineerAuthor
        Level 3
        June 14, 2022

        Hi @arunpatidar , 

        I have read about the AC Tool and how it can be used.

        We didn't create the groups manually, but programmatically. However, we didn't use the AC Tool in order to create the groups. Therefore, as far as I understood, we cannot use the AC Tool in order to delete the existing groups, can we? 

        It's good to know that the AC Tool exists, but as far as I understood, it doesn't solve my current problem. 

          S
          software_engineerAuthor
          Level 3
          June 15, 2022

          Hi,

          You can delete any existing group using AC Tools

          https://github.com/Netcentric/accesscontroltool/blob/develop/docs/AdvancedFeatures.md#automatically-purge-obsolete-groups-and-users 

           


          Hi @arunpatidar , 

          I read now the information under the link which you provided and it looks like in this way I can delete any group, but will it also delete all related entries (references to that group) in the Access Control Lists (ACLs) of all pages? Because deleting only a group is simple programatically. My main question is how to delete the related entries in ACLs of pages in an automatic way, when I delete a group. 

            Terms & ConditionsAccessibility statement

            Loading footer...