Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

RepoInit Configuration is not able to set ACL: read permission of a system user in AEM As a Cloud Service

shivanigarg111
Level 1
Level 1

Hi,

 

I am having one config "org.apache.sling.jcr.repoinit.RepositoryInitializer" and in that I am trying to set 

"set ACL for test-user \r\nallow jcr:read on /libs/dam/content". While deploying the changes in local, it gets deployed easily, but when I deploy this config with my codebase in AEM AACS Server,  it says

[Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted java.lang.RuntimeException: Failed to set ACL (java.lang.UnsupportedOperationException: This builder is read-only.) AclLine ALLOW {paths=[/libs/dam/content], privileges=[jcr:read]} at org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:64) [org.apache.sling.jcr.repoinit:1.1.28] at org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:85) [org.apache.sling.jcr.repoinit:1.1.28]

 

To summerize, The issue is while cloud manager deploy my codebase with the repoinit config, it fails at deploy to dev step and says I can't set read access to /libs hierarchy. Ideally AEM says I can do that at the time of deployment, but not at the runtime

By seeing the below document, it feels like it should work because I am expecting it to set this permission at deployment time.

shivanigarg111_0-1618544020728.png

 

1 Accepted Solution
asutosh_jena
Correct answer by
Community Advisor
Community Advisor

Hi @shivanigarg111 

 

I tried with the below script and getting a different error though.

create service user test-user
set ACL on /libs/dam/content
allow jcr:read for test-user
end

Error:

INFO: Adding ACL 'allow' entry '[jcr:read]' for [test-user] on [/libs/dam/content]

ERROR: Failed to set ACL (javax.jcr.PathNotFoundException: Cannot set ACL on non-existent path /libs/dam/content) AclLine ALLOW {principals=[test-user], privileges=[jcr:read]} 

 

Debugging further. Will keep posted if I find anything.

 

Thanks!

View solution in original post

3 Replies
asutosh_jena
Correct answer by
Community Advisor
Community Advisor

Hi @shivanigarg111 

 

I tried with the below script and getting a different error though.

create service user test-user
set ACL on /libs/dam/content
allow jcr:read for test-user
end

Error:

INFO: Adding ACL 'allow' entry '[jcr:read]' for [test-user] on [/libs/dam/content]

ERROR: Failed to set ACL (javax.jcr.PathNotFoundException: Cannot set ACL on non-existent path /libs/dam/content) AclLine ALLOW {principals=[test-user], privileges=[jcr:read]} 

 

Debugging further. Will keep posted if I find anything.

 

Thanks!

View solution in original post

asutosh_jena
Community Advisor
Community Advisor

Hi @shivanigarg111 

 

/libs/dam/content - This is a valid path still it gives the error.

but when I try to use some path under /conf it works!

 

Looks like it's an issue with AACS and we might need to reach out to Adobe and see why it does not work based on the documentation.

 

Also I tried to move the configs to ui.config and dpeloyed which did not solve the issue.

Can you also give a try and see if it works for you?

 

asutosh_j3_0-1618578454489.png

 

Thanks!