Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Retrieve effective permissions in AEM 6.0 using REST services

Avatar

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile
matthieu_théria
Level 1

15-10-2015

Hi,

I'm new in the world of AEM. I have installed AEM 6.0 (author and publish instances).

I'm interested to find a way to retrieve effective permissions on a specific repository node by using a REST call.

For this, I have installed the last version of the OSGi Bundle "jackrabbit.accessmanager" (v2.1.2). With this, we can do this call to get the effective permissions for pa particular not in JSON format: http://localhost:4502/content/mynode.eacl.json.

However, its seems that the effective permissions are not correctly computed... it seems that the ACLs defined with restrictions are not correctly resolved. I think that it's something new in AEM 6.0 because it uses the JackRabbit Oak 1.0.0 Repository instead of a JackRabbit 2.0 Repository... and maybe restrictions are a new concept not correctly handled in the "jackrabbit.accessmanager" bundle?!?

In fact, in the default demo Geometrixx, some ACLs are defined for the "Everyone" group with restrictions (path), for example:

  • everyone - Deny jcr:read - Restrictions rep:glob-libs*/config/*
  • everyone - Deny jcr:read - Restrictions rep:glob-apps*/config/*
  • everyone - Allow jcr:read

The effective permissions for all nodes excluding nodes under the path "libs" and "apps" should be "Allow jcr:read", but the call returns for the "content" node for example:

everyone: { principal: "everyone",denied: [ jcr:read ], order: 3 }

I think that the restrictions are not correctly handled by this bundle... maybe it is outdated and not compatible with the JackRabbit Oak 1.0.0 Repository...

Is there an equivalent or something new to get effective permissions with a REST call in AEM 6.0?

Thanks for your help.

Matthieu

View Entire Topic

Avatar

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile
matthieu_théria
Level 1

15-10-2015

Yes, I understand your point, but I have some constraints...

I will not be able to dynamically do the query with a "specific user". I really need to get the effective permissions (in terms of users and groups) and push them in another security model with the retrieved content.

Is there no way to do this?

Thanks,

Matthieu