Good day,
I'm experiencing a "problem" with the AEM publisher, that I can't figure out. Every time the AEM 6.0 publisher is restarted, rep:policy nodes are created for all parsys nodes in the /content/* directory with properties "cq:cugEnabled" set to true and "cq:cugPrincipals" containing a string array of cug roles. The created rep:policy nodes grant administrators the right to everything and deny everyone else all rights.
Can anyone tell me why these rep:policy nodes appear every time I restart my AEM 6.0 publisher instance?
Thanks!
Views
Replies
Total Likes
Hi,
obviously you have CUG properties in your publish instance, which is caused by the fact, that authors decided to use these functionality (check your page properties).
So whenever a publish is started it checks if there are CUG defined but the ACLs for it are missing. To get rid of this behaviour I would remove the CUG definitions on author; on publish side you can set the OSGI property "cug.enabled" to false (service "Day CQ Closed User Group (CUG) Support").
Views
Replies
Total Likes
The CUG is designed to work only on the publish environments and there are no plans to enable this on Author as it is a publishing feature.
Views
Replies
Total Likes
Resolved same issue and created page for reference.
https://aakul.blogspot.com/2019/05/aem-cug-permissions-gets-reset-post.html
In short permission can be deleted if CUG is disabled in AEM<6.3
From AEM 6.3, it will use separate authorization module called oak-authorization-cug, then it will never impact user permissions.
Views
Replies
Total Likes