Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Principal is not contained in config, hence not cleaning its ACE from non-config-contained path

Avatar

Level 3

I am using AEM as a cloud service and installed netcentric tool. I have been getting this error from AEM error log:

 

Principal {} is not contained in config, hence not cleaning its ACE from non-config-contained path

 

I saw this error message is coming from this code: https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

 

 

 

 

 private Set<String> getRelevantPathsForAceCleanup(Set<String> authorizablesInConfig, Map<String, Set<AceBean>> repositoryDumpAceMap,
            AcesConfig aceBeansFromConfig) {
        // loop through all ACLs found in the repository
        Set<String> relevantPathsForCleanup = new HashSet<String>();
        for (Map.Entry<String, Set<AceBean>> entry : repositoryDumpAceMap.entrySet()) {
            Set<AceBean> existingAcl = entry.getValue();
            for (AceBean existingAceFromDump : existingAcl) {
                String jcrPath = existingAceFromDump.getJcrPath();
                String principalName = existingAceFromDump.getPrincipalName();

                if (aceBeansFromConfig.containsPath(jcrPath)) {
                    LOG.trace("Path {} is explicitly listed in config and hence that ACL is handled later, "
                            + "not preceding cleanup needed here", jcrPath);
                    continue;
                }

                if (!authorizablesInConfig.contains(principalName)) {
                    LOG.debug("Principal {} is not contained in config, hence not cleaning its ACE from non-config-contained "
                            + "path {}", principalName, jcrPath);
                    continue;
                }
                relevantPathsForCleanup.add(jcrPath);
            }
        }
        return relevantPathsForCleanup;
    }

 

 Does anyone know where is `authorizablesInConfig` referred to in AEM and how can I include this principalName?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @aemUser2345 ,

authorizablesInConfig is basically a principalToRemoveAccessFor param that is passed in below function 

 removeAcesForPathsNotInConfig(installLog, session, principalsToRemoveAcesFor, repositoryDumpAceMap, acConfiguration);

 On further look up you could see that this is basically coming from below class, i.e AcConfiguration.java
https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

 

There is getter in above class named as getAuthorizablesConfig.


Hope it helps!

Thanks
Tarun

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi @aemUser2345 ,

authorizablesInConfig is basically a principalToRemoveAccessFor param that is passed in below function 

 removeAcesForPathsNotInConfig(installLog, session, principalsToRemoveAcesFor, repositoryDumpAceMap, acConfiguration);

 On further look up you could see that this is basically coming from below class, i.e AcConfiguration.java
https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/...

 

There is getter in above class named as getAuthorizablesConfig.


Hope it helps!

Thanks
Tarun

Avatar

Administrator

@aemUser2345 Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni