RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service | Community
Skip to main content
S
shivanigarg111
April 15, 2021
Solved

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

  • April 15, 2021
  • 2 replies
  • 3574 views

Hi,

 

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set 

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server,  it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

 

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

 

Kindly help on this.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Kiran_Vedantam

Hi @shivanigarg111,

 

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

 

Can you share your code snippet?

 

Thanks,

Kiran Vedantam.

2 replies

Kiran_Vedantam
Community Advisor
Kiran_VedantamCommunity AdvisorAccepted solution
Community Advisor
April 15, 2021

Hi @shivanigarg111,

 

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

 

Can you share your code snippet?

 

Thanks,

Kiran Vedantam.

    S
    shivanigarg111Author
    April 15, 2021

    HI @kiran_vedantam, In the code, I am using system user to fetch the session names "test-user", the issue is not the code, The issue is while cloud manager deploy my codebase with the repoinit config, it fails at deploy to dev step and says I can't set read access to /libs hierarchy. Ideally AEM says I can do that at the time of deployment, but not at the runtime

    A
    Adobe Employee
    aemmarc2Adobe Employee
    Adobe Employee
    April 16, 2021

    You can't change anything under /libs. Full stop.

     

    Immutability is enforced via a Composite Nodestore [1],

    /apps is a mounted nodestore

    /libs is another mounted nodestore that you can think of as a read-only 'golden master'

     

    Your repo init scripts can do anything under /apps

    But you won't be able to do anything under /libs -- you'll encounter runtime errors during the buildImage step of your pipeline and it will ultimately fail.

     

    [1] -- https://jackrabbit.apache.org/oak/docs/nodestore/compositens.html

      Terms & ConditionsAccessibility statement

      Loading footer...