Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

Avatar

Avatar
Validate 1
Level 1
shivanigarg111
Level 1

Likes

0 likes

Total Posts

4 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
shivanigarg111
Level 1

Likes

0 likes

Total Posts

4 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
shivanigarg111
Level 1

14-04-2021

Hi,

 

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set 

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server,  it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

 

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

Screenshot 2021-04-15 at 10.55.23 AM.png

 

Kindly help on this.

AEM aem as a cloud service

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
Level 6
KiranVedantam1992
Level 6

Likes

148 likes

Total Posts

148 posts

Correct Reply

42 solutions
Top badges earned
Validate 1
Establish
Give Back 3
Give Back
Boost 50
View profile

Avatar
Validate 1
Level 6
KiranVedantam1992
Level 6

Likes

148 likes

Total Posts

148 posts

Correct Reply

42 solutions
Top badges earned
Validate 1
Establish
Give Back 3
Give Back
Boost 50
View profile
KiranVedantam1992
Level 6

14-04-2021

Hi @shivanigarg111,

 

How are you getting the session of the JCR? Did you try the system/service user? I feel that the error is because of the lack of user permissions on the repository.

 

Can you share your code snippet?

 

Thanks,

Kiran Vedantam.

Answers (1)

Answers (1)

Avatar

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

183 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

183 likes

Total Posts

243 posts

Correct Reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
aemmarc
Employee

16-04-2021

You can't change anything under /libs. Full stop.

 

Immutability is enforced via a Composite Nodestore [1],

/apps is a mounted nodestore

/libs is another mounted nodestore that you can think of as a read-only 'golden master'

 

Your repo init scripts can do anything under /apps

But you won't be able to do anything under /libs -- you'll encounter runtime errors during the buildImage step of your pipeline and it will ultimately fail.

 

[1] -- https://jackrabbit.apache.org/oak/docs/nodestore/compositens.html