Henry Kuijpers created SLING-10134:
--------------------------------------
Summary: Deleting ACEs for users that don't exist is impossible
Key: SLING-10134
URL: https://issues.apache.org/jira/browse/SLING-10134
Project: Sling
Issue Type: New Feature
Components: Repoinit
Affects Versions: Repoinit JCR 1.1.30
Reporter: Henry Kuijpers
We're looking into using Sling Repo Init to clean up old permissions that have
been left behind in our instances over time. We used the following syntax:
delete service user sv-read-apps-website-components
set ACL for sv-read-apps-website-components
remove * on /apps/website/components
end
We get the following error: 09.02.2021 21:57:38.961 *ERROR* [CM Event
Dispatcher (Fire ConfigurationEvent:
pid=org.apache.sling.jcr.repoinit.RepositoryInitializer.25c1f862-75bd-4cd9-9ca1-b612f8752544)]
com.adobe.granite.repository.impl.SlingRepositoryManager Exception in a
SlingRepositoryInitializer: RepositoryInitializerFactory, references=[],
scripts=2 java.lang.RuntimeException: Failed to set ACL
(java.lang.IllegalStateException: Authorizable not
found:sv-read-apps-website-components) AclLine REMOVE_ALL
{paths=[/apps/website/components]} at
org.apache.sling.jcr.repoinit.impl.AclVisitor.setAcl(AclVisitor.java:63)
[org.apache.sling.jcr.repoinit:1.1.8] at
org.apache.sling.jcr.repoinit.impl.AclVisitor.visitSetAclPrincipal(AclVisitor.java:84)
[org.apache.sling.jcr.repoinit:1.1.8] at
org.apache.sling.repoinit.parser.operations.SetAclPrincipals.accept(SetAclPrincipals.java:53)
[org.apache.sling.repoinit.parser:1.2.2] ....
I think it's fine that the authorizable is not found: It doesn't have to exist,
in order to be able to remove ACEs, which is exactly what we are trying to
achieve: remove left behind ACEs for our deleted service users.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
