Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

shivanigarg111
Level 1
Level 1

Hi,

 

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set 

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server,  it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

 

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

Screenshot 2021-04-15 at 10.55.23 AM.png

 

Kindly help on this.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution
Kiran_Vedantam
Correct answer by
Community Advisor
Community Advisor

Hi @shivanigarg111,

 

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

 

Can you share your code snippet?

 

Thanks,

Kiran Vedantam.

View solution in original post

3 Replies
Kiran_Vedantam
Correct answer by
Community Advisor
Community Advisor

Hi @shivanigarg111,

 

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

 

Can you share your code snippet?

 

Thanks,

Kiran Vedantam.

View solution in original post

shivanigarg111
Level 1
Level 1

HI @Kiran_Vedantam, In the code, I am using system user to fetch the session names "test-user", the issue is not the code, The issue is while cloud manager deploy my codebase with the repoinit config, it fails at deploy to dev step and says I can't set read access to /libs hierarchy. Ideally AEM says I can do that at the time of deployment, but not at the runtime

aemmarc
Employee
Employee

You can't change anything under /libs. Full stop.

 

Immutability is enforced via a Composite Nodestore [1],

/apps is a mounted nodestore

/libs is another mounted nodestore that you can think of as a read-only 'golden master'

 

Your repo init scripts can do anything under /apps

But you won't be able to do anything under /libs -- you'll encounter runtime errors during the buildImage step of your pipeline and it will ultimately fail.

 

[1] -- https://jackrabbit.apache.org/oak/docs/nodestore/compositens.html