How to fetch ACLs of sites and individual pages in AEM On-Prem and SAAS?

Question

No text available

ShaileshBassi · Accepted Answer

Since an administrator can see all effective permissions for a specific path in CRX Explorer > Access Control

If you are looking forward to fetch the details in the java code you can use the "AccessControlManager" api and use the method "getEffectivePolicies" in your custom logic.

API Reference:

https://developer.adobe.com/experience-manager/reference-materials/spec/jsr170/javadocs/jcr-2.0/javax/jcr/security/AccessControlManager.html

There are some more use case present in the ACS Commons as well, you can check out the code within it to understand how we can use it.

Reference for ACS git: https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/adobe/acs/commons/users/impl/EnsureAce.java

Thanks

SantoshSai · Answer

Hi @omkar_phadtare ,There are two ways you can read ACL from a node. You can either chose aCRX or Jackrabbit way. find both examples in below piece of code.private static final String READ_ACCESS = "jcr:read";AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();AccessControlPolicy[] accessControlPolicies = accessControlManager.getEffectivePolicies(path);for(AccessControlPolicy accessControlPolicy:accessControlPolicies) {      JackrabbitAccessControlList accessControlList = (JackrabbitAccessControlList)accessControlPolicy;      AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();      for(AccessControlEntry accessControlEntry:accessControlEntries) {          //Using CRX Way          String[] privilege = {READ_ACCESS};          //AclPolicy aclPolicy = new AclPolicy(accessControlEntry.getPrincipal().getName(),privilege,false);          //CRXPolicyManager crxPolicyManager = new CRXPolicyManager(jackrabbitSession);          //crxPolicyManager.applyPolicy(path, aclPolicy);          //Jackrabbit way          Privilege[] privileges = new          Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_READ)};          JackrabbitAccessControlList acl;          try {                acl = (JackrabbitAccessControlList)                accessControlManager.getApplicablePolicies(path).nextAccessControlPolicy();          } catch (NoSuchElementException e) {          // ignore          acl = (JackrabbitAccessControlList) accessControlManager.getPolicies(path)[0];        }     for (AccessControlEntry e : acl.getAccessControlEntries()) {         acl.removeAccessControlEntry(e);     }     acl.addEntry(accessControlEntry.getPrincipal(), privileges, false);     accessControlManager.setPolicy(path, acl);     jackrabbitSession.save();    }  }}} catch (PathNotFoundException e) {    // TODO Auto-generated catch block    e.printStackTrace();} catch (RepositoryException e) {    // TODO Auto-generated catch block    e.printStackTrace();}    // TODO Auto-generated method stub}References are linked in above options.Hope that helps!Regards,Santosh

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded