When running a Groovy script I am getting a javax.jcr.nodetype.ConstraintViolationException: Item is protected error

lisa_burrow

28-09-2020

Hi,

 

I am running a Groovy script to delete some child nodes from the home/users/X folder in AEM but I am getting 

 

javax.jcr.nodetype.ConstraintViolationException: Item is protected error

 

I am logged into CRXDE, groovy using the admin id.

 

The script that I am running is:

 

import javax.jcr.Node;
import com.day.cq.commons.jcr.JcrConstants;
path='/home/users/X'
//path='/home/users/M/M1Avimlq8VoAzLpigOXk' //admin user to keep
keepCount=0;
numberKept=0;
deleteCount=0;
numberDeleted=0;
others=0;
getUsers()
def getUsers(){
getNode(path).recurse
{ node ->
def usersToDelete='';
def usersToKeep='';
def val_primaryType='';
def val_principalName='';

if(node.hasProperty("jcr:primaryType")){
println("Log0 The start of new node " +node.getProperty('jcr:primaryType').string)
val_primaryType=node.getProperty('jcr:primaryType').string
if(val_primaryType=='rep:User'){ //top node primaryType is always rep:User
println("Log1 " +node.getProperty('jcr:primaryType').string)
if(node.hasProperty("rep:principalName")){
println("Log2 " +node.getProperty('jcr:primaryType').string)
val_principalName=node.getProperty('rep:principalName').string
if(val_principalName=='admin'){
println("Log3 " +node.getProperty('jcr:primaryType').string)
keepCount = keepCount+1;
usersToKeep='**KEEP USER**: '+node.getProperty('rep:principalName').string
println usersToKeep
} else {
println("Log4 " +node.getProperty('jcr:primaryType').string)
deleteCount = deleteCount+1;
usersToDelete='DELETE USER: '+node.getProperty('rep:principalName').string
println usersToDelete
}
} else {
println("Log5 " +node.getProperty('jcr:primaryType').string)
others = others+1;
}
}
}
println("Log6 The end of node " +node.getProperty('jcr:primaryType').string)
if(val_principalName!='admin' && val_primaryType=='rep:GrantACE'){
println("Log7 USER being DELETED " +node.getProperty('rep:principalName').string)
node.remove();
session.save();
println("Log8 USER has been DELETED " +node.getProperty('rep:principalName').string)
numberDeleted=numberDeleted+1;
} else {
numberKept=numberKept+1;
}

println (" ")
}
println (" ")
println("Log9 Reached the end of all users")
println (" ")
println ("Number to delete")
println deleteCount
println ("Number actually deleted")
println deleteCount
println ("Number to keep")
println keepCount
println ("Number actually kept")
println keepCount
println ("Others")
println others
}

The admin id has 'Access Control' set up to be 'jcr:all', which should allow for removing of nodes and removing of child nodes.

 

What am I missing?

Thanks

Lisa.

Accepted Solutions (1)

Accepted Solutions (1)

Jineet_Vora

28-09-2020

Hello @lisa_burrow,

 

I think you're trying to delete the ACE (Access Control Entry) and I don't think you can delete those nodes because it relies on inheritance mechanism where ACL permissions given on user node are passed down below '<user_node>/rep:policy'

Annotation 2020-09-28 214854.png


Even if you try to delete a ACE node from CRX as admin and save it, you will see a message like this 

 

 

Could not save changes. Received 409 (Conflict) for saving changes in workspace crx.default. Cannot remove protected node: no suitable handler configured.

 

 


Jineet

Answers (0)