I have created around 15 groups and added permissions to the Dev environment in AEM(AEMaaCS). Now I want to move them to the production and staging environments. Can I create a package of this filter /libs/cq/core/content/nav/tools/security and use it in another environment?
Can anyone tell me how to move group permissions from one environment to another in AEMaaCS?
Views
Replies
Total Likes
@Mario248 you can make use of ACL packager from acs commons.
http://www.aemcq5tutorials.com/tutorials/migrate-users-and-groups-with-acl-permissions-in-aem/
Hope this helps,
Krishna
I guess ACL packager is not compatible on AEMaaCS. it supports on AEM onprem and AMS.
Hi @Mario248
Please check this doc for user management: https://www.linkedin.com/pulse/aem-cloud-service-migration-user-management-via-admin-kumar/
Hope it helps!
Thanks,
Kiran Vedantam.
It can be done be uing netcentric access control tool. It is compatible with AEMaaCS. Please find below the link
https://github.com/Netcentric/accesscontroltool
I hope it helps.
Rihit - Netcentric seems interesting. I hope this works in AEMaaCS. This https://github.com/Netcentric/accesscontroltool does not have much detailed information and I could not find much details on google as well. Can you share more reference and article on how to use netcentric access control tool?
Please fine below a related article describing it in detail.
https://blogs.perficient.com/2020/04/23/getting-started-with-the-netcentric-access-control-tool/
Yes, netcentric tool is compatible with AEMaacs, I have used it in my recent experience.
I installed accesscontroltool-oakindex-package-3.0.8 and accesscontroltool-package-3.0.8 in local and It is working in my local SDK but I can not install AC Tool in AEM Cloud instance. I get following error - Package (or it's subpackage(s)) contains application content which isn't supported at runtime.
Tried with accesscontroltool-package-3.0.8-cloud.zip as well but getting same error.
It can be installed in Adobe CM by using pom files.
Please find below URL for your reference.
https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#startup-hook
Thanks for sharing the details. I understand that the startup hook requires below PID and it will auto activate AC Tool in case of cloud but we can use installation hook to install it in local.
For cloud setup, I placed below config as suggested and created one test yaml file inside /apps/my-site/actool but I dont see NetCentric AC Tool in security console. It seems AC Tool is not activated in cloud. Am I missing anything here?
/apps/my-site/osgiconfig/config.author/biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.cfg.json
Value:-
{
"configurationRootPaths": ["/apps/my-site/actool"]
}
@Mario248
Could you please compare maven configs.
https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Installation.md#declaring-the-depe...
<build>
<plugins>
<plugin>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>filevault-package-maven-plugin</artifactId>
<configuration>
<properties>
<!-- declare the install hook also for cloud to ease local development with the AEM SDK (when installed in the actual cloud service the startup hook is used automatically instead, even with this configuration -->
<installhook.actool.class>biz.netcentric.cq.tools.actool.installhook.AcToolInstallHook</installhook.actool.class>
</properties>
<!-- package type mixed is required due to the install hook -->
<packageType>mixed</packageType>
<dependencies>
<dependency>
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-package</artifactId>
<!-- without classifier leave our for on-premise -->
<classifier>cloud</classifier>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-package</artifactId>
<!-- without classifier leave our for on-premise -->
<classifier>cloud</classifier>
<!-- version should come from parent/dependency management -->
<type>zip</type>
<scope>provided</scope>
</dependency>
</dependencies>
Thanks, I incorportaed the same in my code. It is working in my local but Cloud Manager pipeline is failed with below error
It resolved after adding dependencies in /all modules. Big thanks for providing all the details.
Can you tell how to mark this as correct answer?
Glad to know that.
you can click on three vertical dot near to my comment and mark it as correct.
I used to see 'Correct Reply' option but this thread I am not sure why it is not appearing.
glad to know that.
you can mark an answer correct by clicking on the button 'Correct reply', on my comment/reponse above.
Hello @Mario248
Repo init scripts might be a good option to explore. Reference:
One Tool to Configure Them All: Sling RepoInit / Blogs / Perficient
With Sling Repoint, we have a consolidated grammar to:
It won't migrate the current Dev to all other environments. But, if set once as OSGi configs, can be deployed across all environments.
These scripts can also be used to set permissions in the immutable areas of AEM as a Cloud Service.
The Netcentric ACL tool or AEM packages will not allow to set permissions in immutable areas.
Thanks for the detailed information. It helps me to understand the limitation of AC tool.
Views
Likes
Replies