Hi,
Is there a way to allow non-admin users to access and send requests to http://localhost:4502/.cqactions.html?
In particular, I want a non-admin user to be allowed to use .cqactions to assign permissions for a given path to a given user:
{'authorizableId': 'username', 'changelog': 'path:/,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false'}
Thanks in advance.
Hi there,
Thanks for reaching out to Adobe Community.
You can assign permissions to a particular user on a specific node under the AEM Security Console: http://localhost:4502/useradmin
[img]permissions.png[/img]
Thanks!
Hi Shekhar,
Buddy are you an automated bot or something? :)
Or are you just trolling me? :)
Do you even read questions before answering? :)
.cqactions is not a node, it is a REST endpoint that is used throughout CQ5 for various administrative actions.
Thanks dear bot!
Pretty sure Shekhar is not a bot as his answer was correct (although perhaps could have been more complete) :)
You wrote
In particular, I want a non-admin user to be allowed to use .cqactions to assign permissions for a given path to a given user:
And the way you would do that is by granting the edit access control permission.
Justin
Hi Justin,
Looks like I have not phrased my question clearly. Let me try again. :)
As you know, there's this undocumented URL that we can send POST requests to in order to perform various administrative activities:
http://localhost:4502/.cqactions.html
For example, in order to modify permissions for a given user (e.g. user1) for a given path (e.g. /), the admin user can POST the following request:
curl -u admin:admin --data "authorizableId=user1&changelog=path:/,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false" http://localhost:4502/.cqactions.html
The admin user can make this POST request with no problem. However, we want to avoid using the admin user as much as possible. As such, we have created this special user called deployer and we want to use the deployer to make this request. However, if we perform the same POST request with this user, CQ5 responds with a 401 Unauthorized error:
curl -u deployer:pass --data "authorizableId=user1&changelog=path:/,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false" http://localhost:4502/.cqactions.html
This is more or less similar to another issue we had recently: out of the box, only the admin user can log in to http://localhost:4502/system/console. In order to allow other users to log in to /system/console, we have to configure an OSGi service (org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider)
and whitelist that user as well: http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...
Is there a way we can configure CQ5 so that we can let users other than admin send POST requests to http://localhost:4502/.cqactions.html?
By the way, if I died because of a heart attack or something, or I just lost my sanity all of a sudden, in my will I have mentioned that it is because of the AEM Help Forums. I have mentioned the only way I can be avenged is by finding the people who have developed the Help Forums and force them to use the forum 24 hours a day. :((((
The Eng team has improved the performance of the forums. They are working on making them even better. The community will see improvements throughout 2015.
Hi,
your developer user is missing the read-acl and write-acl privilege. Can you add these privileges to that user and to the path, under which you want the developer user to be able to change the ACLs?
Kind regards,
Jörg
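The delegation described in this answer, as an added example that is not from the thread or from Adobe: admin grants the deployer user the ACL privileges on one subtree through the same changelog format as in the question, then deployer sets permissions for user1. It assumes the changelog keys acl_read and acl_edit correspond to the read-acl and write-acl privileges; /content/site, the function names and the credentials are placeholders.

```shell
#!/bin/sh
# Added example. Host, credentials and /content/site are placeholders.
AEM_URL="${AEM_URL:-http://localhost:4502}"

# Build a changelog string in the format shown in the question:
#   path:<path>,<key>:<true|false>,...
# $1 = path, $2 = space-separated keys to set to true. Every other key is
# written out as false, so nothing is granted implicitly.
build_changelog() {
    cl_path=$1
    cl_grants=" $2 "
    cl_out="path:$cl_path"
    for cl_key in read modify create delete acl_read acl_edit replicate; do
        case "$cl_grants" in
            *" $cl_key "*) cl_out="$cl_out,$cl_key:true" ;;
            *)             cl_out="$cl_out,$cl_key:false" ;;
        esac
    done
    printf '%s\n' "$cl_out"
}

# POST one changelog. $1 = curl credentials, $2 = authorizableId, $3 = changelog.
# -f makes curl exit non-zero on HTTP errors such as the 401 in the thread.
post_acl() {
    curl -sS -f -u "$1" \
        --data-urlencode "authorizableId=$2" \
        --data-urlencode "changelog=$3" \
        "$AEM_URL/.cqactions.html"
}

# Step 1 (once, as admin): give deployer read, acl_read and acl_edit on the
#   subtree it is meant to manage rather than on /.
# Step 2 (as deployer): set user1's permissions inside that subtree.
delegate_and_use() {
    subtree=$1
    post_acl "admin:admin" deployer \
        "$(build_changelog "$subtree" "read acl_read acl_edit")" &&
    post_acl "deployer:pass" user1 \
        "$(build_changelog "$subtree" "read")"
}

# Usage (needs a running instance): delegate_and_use /content/site
```

Scoping step 1 to a subtree keeps the deployer account from being able to rewrite ACLs across the whole repository, which a grant on / would allow.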
Thanks Jorg. That worked.
Is there a way to let non-admin users see the list of installed packages under http://localhost:4503/crx/packmgr/index.jsp?
Hi,
it's the same approach: provide read access for these users to /etc/packages.
kind regards,
Jörg