Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Update anonymous user permissions on AEM as a Cloud Service

anubhav1988
Level 1
Level 1

Hi folks,

I need to give jcr:read access on certain nodes in /apps directory to anonymous user on AEM publish instance.

In AEM as a Cloud Service, I don't have the permissions to access user management console and unable to give permissions manually.

I tried repoinit to grant the permissions.

 

 set ACL on /apps
 allow jcr:read for anonymous
 end

 

However, the code pipeline gives error during deployment as below.

 

DD.MM.YYYY 04:00:04.307 *ERROR* [Apache Sling Repository Startup Thread #1] com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a SlingRepositoryInitializer, SlingRepository service registration aborted
java.lang.RuntimeException: Failed to set ACL (javax.jcr.PathNotFoundException: Cannot set ACL on non-existent path /apps) AclLine ALLOW {principals=[anonymous], privileges=[jcr:read]}

 


Can you please suggest a resolution for this?


Note - I am able to give these permissions on my local which fixes the actual issue we are facing.

 

Regards,
Anubhav

 

1 Accepted Solution
rampai
Correct answer by
Level 5
Level 5

Hi @anubhav1988,

 

The problem would be because the repo init statements mention mutable content in the documentation.

 

/apps and /libs are immutable at runtime and ACLs are stored under the respective nodes that need the permission in. AEM. 

 

Did you try packaging rep:policy nodes in ui.apps package?

 

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/developing/aem...

 

The ui.apps package contains all the code to be deployed and only deploys to /apps. Common elements of the ui.apps package include, but are not limited to:

  • Component definitions and HTL scripts
    • /apps/my-app/components
  • JavaScript and CSS (via Client Libraries)
    • /apps/my-app/clientlibs
  • Overlays of /libs
    • /apps/cq, /apps/dam/, etc.
  • Fallback context-aware configurations
    • /apps/settings
  • ACLs (permissions)
    • Any rep:policy for any path under /apps

 

Thanks,

Ram

View solution in original post

3 Replies
bangar50
Level 7
Level 7

Hi @anubhav1988 ,

                                you can give the permission through dispatcher in the filter. Any file.

 

 

Regards,

Sanjay

rampai
Correct answer by
Level 5
Level 5

Hi @anubhav1988,

 

The problem would be because the repo init statements mention mutable content in the documentation.

 

/apps and /libs are immutable at runtime and ACLs are stored under the respective nodes that need the permission in. AEM. 

 

Did you try packaging rep:policy nodes in ui.apps package?

 

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/developing/aem...

 

The ui.apps package contains all the code to be deployed and only deploys to /apps. Common elements of the ui.apps package include, but are not limited to:

  • Component definitions and HTL scripts
    • /apps/my-app/components
  • JavaScript and CSS (via Client Libraries)
    • /apps/my-app/clientlibs
  • Overlays of /libs
    • /apps/cq, /apps/dam/, etc.
  • Fallback context-aware configurations
    • /apps/settings
  • ACLs (permissions)
    • Any rep:policy for any path under /apps

 

Thanks,

Ram

View solution in original post