Adobe Experience Manager Sites & More

shivanigarg111 · 4/14/21

Hi,

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server, it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

Kindly help on this.

Kiran_Vedantam · 4/14/21

Hi @shivanigarg111,

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

Can you share your code snippet?

Thanks,

Kiran Vedantam.

View solution in original post

Kiran_Vedantam · 4/14/21

Hi @shivanigarg111,

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

Can you share your code snippet?

Thanks,

Kiran Vedantam.

shivanigarg111 · 4/14/21

HI @Kiran_Vedantam, In the code, I am using system user to fetch the session names "test-user", the issue is not the code, The issue is while cloud manager deploy my codebase with the repoinit config, it fails at deploy to dev step and says I can't set read access to /libs hierarchy. Ideally AEM says I can do that at the time of deployment, but not at the runtime

aemmarc · 4/16/21

You can't change anything under /libs. Full stop.

Immutability is enforced via a Composite Nodestore [1],

/apps is a mounted nodestore

/libs is another mounted nodestore that you can think of as a read-only 'golden master'

Your repo init scripts can do anything under /apps

But you won't be able to do anything under /libs -- you'll encounter runtime errors during the buildImage step of your pipeline and it will ultimately fail.

[1] -- https://jackrabbit.apache.org/oak/docs/nodestore/compositens.html

Adobe Experience Manager Sites & More

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe