I know I can give permissions in
${host}:4502/useradmin
when I double click user login and go to Permissions tab
I want to give permissions when I deploy content package.
Is it possible?
How to give user permissions programmatically?
Asked Answered
I added under the folder where I want to configure permissions file with name
_rep_policy.xml
with content like this:
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:ACL">
<allow
jcr:primaryType="rep:GrantACE"
rep:principalName="myusername"
rep:privileges="{Name}[jcr:read,rep:write,jcr:versionManagement,jcr:lockManagement]"/>
</jcr:root>
and in pom.xml I added following entry:
<profiles>
<profile>
<id>autoInstallContentPackage</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>com.day.jcr.vault</groupId>
<artifactId>content-package-maven-plugin</artifactId>
<executions>
<execution>
<id>install-package</id>
<goals>
<goal>install</goal>
</goals>
</execution>
</executions>
<configuration>
...
<properties>
<acHandling>Overwrite</acHandling> //allow modify permissions
</properties>
</configuration>
</plugin>
</plugins>
</build>
</profile>
....
When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).
I want to give permissions when I deploy content package.
- You can deploy an AEM package containing only rep:policies which will serve the same purpose of setting up permissions through useradmin.
You can refer to ACL packager from ACS Tools for packaging ACLs.
Note : The user who is installing the package needs to have permission to set ACLs
To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .
org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
org.apache.jackrabbit.api.security.JackrabbitAccessControlList
javax.jcr.security.Privilege
Indeed you might want to look into session.getAccessControlManager().getPolicies(...) –
Thumbsdown
I added under the folder where I want to configure permissions file with name
_rep_policy.xml
with content like this:
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
jcr:primaryType="rep:ACL">
<allow
jcr:primaryType="rep:GrantACE"
rep:principalName="myusername"
rep:privileges="{Name}[jcr:read,rep:write,jcr:versionManagement,jcr:lockManagement]"/>
</jcr:root>
and in pom.xml I added following entry:
<profiles>
<profile>
<id>autoInstallContentPackage</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>com.day.jcr.vault</groupId>
<artifactId>content-package-maven-plugin</artifactId>
<executions>
<execution>
<id>install-package</id>
<goals>
<goal>install</goal>
</goals>
</execution>
</executions>
<configuration>
...
<properties>
<acHandling>Overwrite</acHandling> //allow modify permissions
</properties>
</configuration>
</plugin>
</plugins>
</build>
</profile>
....
You can use curl command to set permissions. AEM OOB provide Curl scripts to: 1. Create/Delete groups 2. Create/Delete users 3. Add groups/users in groups 4. Add permissions in group
one example of assigning permissions using curl is:
curl -u admin:admin -X POST --noproxy localhost -FauthorizableId=MyGroup -Fchangelog=path:/content/site/page/path,read:true,modify:true,create:true,delete:true,acl_read:false,acl_edit:false,replicate:false http://localhost:4502/.cqactions.html
This can be automated using a script easily (bat file or a shell script or some java program).
Great answer and I'd like to highlight the AEM OOB part. All the privilege@jcr:read examples around require the jackrabbit-accessmanager bundle. –
Thumbsdown
© 2022 - 2024 — McMap. All rights reserved.