Adobe Experience Manager Sites & More

arvind · 9/14/22

Hi Team,

We user below script in repo init config to create system user and assign proper permission. It creates system user after build.

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

PROBLEM STATEMENT:

After config deployment, when we try to make some changes in script either through ConfigMgr console or using CRXDE, changes does not reflect at all.

Is it expected behavior?

arunpatidar · 9/15/22

HI,

you need to remove crx:replicate or deny in the next line

example

set ACL on /libs,/apps, /, /content/example.com/some-other_path
    remove * for user1,user2
    allow jcr:read for user1,user2
    allow privilege_without_namespace for user4

    deny jcr:write,something:else,another:one for user2
    deny jcr:lockManagement for user1
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end

Arun Patidar

View solution in original post

SantoshSai · 9/14/22

Hi @arvind,

Yes that is expected - These scripts are executed early in the deployment process so that all required configuration/content exist in the system before the code is executed.

Hope that helps!

Regards,

Santosh

arvind · 9/14/22

@SantoshSai Thanks for your reply.

I try to add more: After build, when we try to add new permission for system user using Configuration Manager, it works. But does not work when trying to remove some already granted permission.

It means even after code deployment, directly through console, scripts changes getting reflected. but with known issue as stated in above para.

B_Sravan · 9/14/22

@arvind you might need to assume this as immutable content and make sure the changes are part of the deployment.

arvind · 9/14/22

Hi @B_Sravan ,

AEM VERSION : 6.5.11

I tried doing as part of deployment as well.

1) For veryfirst time, I used this script in my code:

{
"scripts": [
"create service user sampleSysUser",
"set ACL on /content/sample \r\n allow jcr:read,jcr:modifyProperties,jcr:addChildNodes,rep:write,crx:replicate,jcr:removeNode,jcr:removeChildNodes,jcr:lockManagement,jcr:versionManagement,jcr:nodeTypeManagement for sampleSysUser \r\n end"
]

}

2) It creates sys user as expected.

3) Removed "crx:replicate" permission from Code (Project code- config in form of JSON), re-deployed but it does not remove replicate permission this time.

This behavior does not help me to get any conclusion about How it should work.

arunpatidar · 9/15/22

HI,

you need to remove crx:replicate or deny in the next line

example

set ACL on /libs,/apps, /, /content/example.com/some-other_path
    remove * for user1,user2
    allow jcr:read for user1,user2
    allow privilege_without_namespace for user4

    deny jcr:write,something:else,another:one for user2
    deny jcr:lockManagement for user1
    deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
end

Adobe Experience Manager Sites & More

repo init system user

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe