Adobe Experience Manager Sites & More

aemUser2345 · 5/10/24

I am using AEM as a cloud service and installed netcentric tool. I have been getting this error from AEM error log:

Principal {} is not contained in config, hence not cleaning its ACE from non-config-contained path

I saw this error message is coming from this code: https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

 private Set<String> getRelevantPathsForAceCleanup(Set<String> authorizablesInConfig, Map<String, Set<AceBean>> repositoryDumpAceMap,
            AcesConfig aceBeansFromConfig) {
        // loop through all ACLs found in the repository
        Set<String> relevantPathsForCleanup = new HashSet<String>();
        for (Map.Entry<String, Set<AceBean>> entry : repositoryDumpAceMap.entrySet()) {
            Set<AceBean> existingAcl = entry.getValue();
            for (AceBean existingAceFromDump : existingAcl) {
                String jcrPath = existingAceFromDump.getJcrPath();
                String principalName = existingAceFromDump.getPrincipalName();

                if (aceBeansFromConfig.containsPath(jcrPath)) {
                    LOG.trace("Path {} is explicitly listed in config and hence that ACL is handled later, "
                            + "not preceding cleanup needed here", jcrPath);
                    continue;
                }

                if (!authorizablesInConfig.contains(principalName)) {
                    LOG.debug("Principal {} is not contained in config, hence not cleaning its ACE from non-config-contained "
                            + "path {}", principalName, jcrPath);
                    continue;
                }
                relevantPathsForCleanup.add(jcrPath);
            }
        }
        return relevantPathsForCleanup;
    }

Does anyone know where is `authorizablesInConfig` referred to in AEM and how can I include this principalName?

TarunKumar · 5/14/24

Hi @aemUser2345 ,

authorizablesInConfig is basically a principalToRemoveAccessFor param that is passed in below function

 removeAcesForPathsNotInConfig(installLog, session, principalsToRemoveAcesFor, repositoryDumpAceMap, acConfiguration);

On further look up you could see that this is basically coming from below class, i.e AcConfiguration.java
https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

There is getter in above class named as getAuthorizablesConfig.

Hope it helps!

Thanks
Tarun

View solution in original post

TarunKumar · 5/14/24

Hi @aemUser2345 ,

authorizablesInConfig is basically a principalToRemoveAccessFor param that is passed in below function

 removeAcesForPathsNotInConfig(installLog, session, principalsToRemoveAcesFor, repositoryDumpAceMap, acConfiguration);

On further look up you could see that this is basically coming from below class, i.e AcConfiguration.java
https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

There is getter in above class named as getAuthorizablesConfig.

Hope it helps!

Thanks
Tarun

kautuk_sahni · 6/10/24

@aemUser2345 Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!