repo init system user | Community
Skip to main content
A
arvind-1
September 14, 2022
Solved

repo init system user

  • September 14, 2022
  • 1 reply
  • 1731 views

Hi Team,

 

We user below script in repo init config to create system user and assign proper permission. It creates system user after build.

 

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

 

PROBLEM STATEMENT:

 

After config deployment, when we try to make some changes in script either through ConfigMgr console or using CRXDE, changes does not reflect at all.

 

Is it expected behavior?

 

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by arunpatidar

Hi @b_sravan ,

 

AEM VERSION : 6.5.11

I tried doing as part of deployment as well.

 

1) For veryfirst time, I used this script in my code:

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

 

2) It creates sys user as expected.

 

3) Removed "crx:replicate" permission from Code (Project code- config in form of JSON), re-deployed but it does not remove replicate permission this time.

 

This behavior does not help me to get any conclusion about How it should work.

 

 

 


HI,

you need to remove crx:replicate or deny in the next line

example

set ACL on /libs,/apps, /, /content/example.com/some-other_path
    remove * for user1,user2
    allow jcr:read for user1,user2
    allow privilege_without_namespace for user4

    deny jcr:write,something:else,another:one for user2
    deny jcr:lockManagement for user1
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end

1 reply

SantoshSai
Community Advisor
SantoshSaiCommunity Advisor
Community Advisor
September 14, 2022

Hi @arvind-1,

Yes that is expected -  These scripts are executed early in the deployment process so that all required configuration/content exist in the system before the code is executed.

Hope that helps!

Regards,

Santosh

Santosh Sai
    B_Sravan
    Community Advisor
    B_SravanCommunity Advisor
    Community Advisor
    September 14, 2022

    @arvind-1 you might need to assume this as immutable content and make sure the changes are part of the deployment.

      A
      arvind-1Author
      September 14, 2022

      Hi @b_sravan ,

       

      AEM VERSION : 6.5.11

      I tried doing as part of deployment as well.

       

      1) For veryfirst time, I used this script in my code:

      {
      "scripts": [
      "create service user sampleSysUser",
      "set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
      ]

      }

       

      2) It creates sys user as expected.

       

      3) Removed "crx:replicate" permission from Code (Project code- config in form of JSON), re-deployed but it does not remove replicate permission this time.

       

      This behavior does not help me to get any conclusion about How it should work.

       

       

       

        Terms & ConditionsAccessibility statement

        Loading footer...