Hi All,
I have created one repoinit script to manage AEM groups and permissions. we already have another script to manage dam related groups and permission.
previously for AEM users access were managed via ACS ACL tool and deployed as a package across all environments. so we want to manage these groups as part of our codebase.
So I have created a new script for AEM groups but existing ACL assigned to mentioned locations are not getting replaced, hence the issue. Could anyone please suggest if I need to perform any additional changes.
Thanks,
Abhishek
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
I think there's some confusion about how repoInit
works. It doesn't run on each deployment but rather when the SlingRepository
service is registered, which usually occurs when the server starts. So, if you update the repoInit
config, these changes will not be applied when you redeploy your code, but only if the AEM instance is restarted or if you install this project in a new instance. RepoInit
is great for initial setup or migration processes, not for maintenance tasks.
You can learn more about how repoInit
works here:
https://sling.apache.org/documentation/bundles/repository-initialization.html
https://aemtechblog.medium.com/repoinit-in-aem-part-i-d1e5df461802
Hope this helps.
Is it on your local setup or you are facing this challenge on AEMCaS environment. If you are facing this issue on your local the. I would recommend restarting your aem instance to see the change currently coming from repoinit script
ok, will try and confirm.
Hi,
I think there's some confusion about how repoInit
works. It doesn't run on each deployment but rather when the SlingRepository
service is registered, which usually occurs when the server starts. So, if you update the repoInit
config, these changes will not be applied when you redeploy your code, but only if the AEM instance is restarted or if you install this project in a new instance. RepoInit
is great for initial setup or migration processes, not for maintenance tasks.
You can learn more about how repoInit
works here:
https://sling.apache.org/documentation/bundles/repository-initialization.html
https://aemtechblog.medium.com/repoinit-in-aem-part-i-d1e5df461802
Hope this helps.
ok, will check and confirm. Thanks for sharing the link
Hi @AbhishekSa5
I am assuming the issue is that you already have the ACLs defined for groups and it is not removing them and just adding the new rules only.
please try to remove the ACLs first for the group like below
# Remove AC policies entirely (not just individual entries)
delete ACL for ana
delete ACL for alice, aida
delete ACL on :repository, home(anni), functionNamesAreFree(aendu)
delete ACL on /, /var, /etc
delete ACL on /content
delete principal ACL for ada, amy
delete principal ACL for adi
also if you are setting principal ACL please use ensure keyword
ensure principal ACL for principal1,principal2
remove * on /libs,/apps
allow jcr:read on /content
end
more info can be found at https://sling.apache.org/documentation/bundles/repository-initialization.html
quick question- so if I remove the ACLs from groups first and deploy the script across all environments so everytime codebase gets deployed it will again delete the ACLs and add permissions again?
Thanks,
Abhishek
Hi @AbhishekSa5
Yes. Also, if you have specific rules to be removed you can deny those ACLs on the path mentioned.
you can refer to https://sling.apache.org/documentation/bundles/repository-initialization.html#repoinit-parser-test-s... for syntax.
@AbhishekSa5 Are you re-starting the instance after you deploy the repoInit scripts?
If you want to manage users and groups which are meant to manage the content creation and maintenance process, I would not use repoinit, but for example the Netcentric AC Tool.
I would use repoinit only to setup the necessary permissions and service-users to make the application work, everything else on top I would use the AC Tool.
Views
Likes
Replies
Views
Likes
Replies