Hi Team,
We user below script in repo init config to create system user and assign proper permission. It creates system user after build.
{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]
}
PROBLEM STATEMENT:
After config deployment, when we try to make some changes in script either through ConfigMgr console or using CRXDE, changes does not reflect at all.
Is it expected behavior?
Solved! Go to Solution.
Views
Replies
Total Likes
HI,
you need to remove crx:replicate or deny in the next line
example
set ACL on /libs,/apps, /, /content/example.com/some-other_path remove * for user1,user2 allow jcr:read for user1,user2 allow privilege_without_namespace for user4 deny jcr:write,something:else,another:one for user2 deny jcr:lockManagement for user1 deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) end
Hi @arvind,
Yes that is expected - These scripts are executed early in the deployment process so that all required configuration/content exist in the system before the code is executed.
Hope that helps!
Regards,
Santosh
@SantoshSai Thanks for your reply.
I try to add more: After build, when we try to add new permission for system user using Configuration Manager, it works. But does not work when trying to remove some already granted permission.
It means even after code deployment, directly through console, scripts changes getting reflected. but with known issue as stated in above para.
Hi @B_Sravan ,
AEM VERSION : 6.5.11
I tried doing as part of deployment as well.
1) For veryfirst time, I used this script in my code:
{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]
}
2) It creates sys user as expected.
3) Removed "crx:replicate" permission from Code (Project code- config in form of JSON), re-deployed but it does not remove replicate permission this time.
This behavior does not help me to get any conclusion about How it should work.
HI,
you need to remove crx:replicate or deny in the next line
example
set ACL on /libs,/apps, /, /content/example.com/some-other_path remove * for user1,user2 allow jcr:read for user1,user2 allow privilege_without_namespace for user4 deny jcr:write,something:else,another:one for user2 deny jcr:lockManagement for user1 deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) end
Views
Like
Replies