Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

repo init system user

Avatar

Level 6

Hi Team,

 

We user below script in repo init config to create system user and assign proper permission. It creates system user after build.

 

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

 

PROBLEM STATEMENT:

 

After config deployment, when we try to make some changes in script either through ConfigMgr console or using CRXDE, changes does not reflect at all.

 

Is it expected behavior?

 

 

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

HI,

you need to remove crx:replicate or deny in the next line

example

set ACL on /libs,/apps, /, /content/example.com/some-other_path
    remove * for user1,user2
    allow jcr:read for user1,user2
    allow privilege_without_namespace for user4

    deny jcr:write,something:else,another:one for user2
    deny jcr:lockManagement for user1
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end


Arun Patidar

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @arvind,

Yes that is expected -  These scripts are executed early in the deployment process so that all required configuration/content exist in the system before the code is executed.

Hope that helps!

Regards,

Santosh

Avatar

Level 6

@SantoshSai  Thanks for your reply.

 

I try to add more: After build, when we try to add new permission for system user using Configuration Manager, it works. But does not work when trying to remove some already granted permission.

 

It means even after code deployment, directly through console, scripts changes getting reflected. but with known issue as stated in above para.

Avatar

Community Advisor

@arvind you might need to assume this as immutable content and make sure the changes are part of the deployment.

Avatar

Level 6

Hi @B_Sravan ,

 

AEM VERSION : 6.5.11

I tried doing as part of deployment as well.

 

1) For veryfirst time, I used this script in my code:

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

 

2) It creates sys user as expected.

 

3) Removed "crx:replicate" permission from Code (Project code- config in form of JSON), re-deployed but it does not remove replicate permission this time.

 

This behavior does not help me to get any conclusion about How it should work.

 

 

 

Avatar

Correct answer by
Community Advisor

HI,

you need to remove crx:replicate or deny in the next line

example

set ACL on /libs,/apps, /, /content/example.com/some-other_path
    remove * for user1,user2
    allow jcr:read for user1,user2
    allow privilege_without_namespace for user4

    deny jcr:write,something:else,another:one for user2
    deny jcr:lockManagement for user1
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end


Arun Patidar