Redundant jcr:read permissions on /conf #3376
Comments
@YegorKozlov Any idea why we still ran into #3284? Was the aforementioned access control entry not enough (even the service user should inherit from Update: Never mind, found that redirects are stored below
@kwin I assume this is the same for marketo? Can we close this?
@davidjgonzalez Sorry, I am not following. Which marketo path/config are you referring to? Why should this justify closing this ticket?
I am not familiar with the service users, but as long as they only use content below the allowed subtrees there is no need for it. Potential candidates are
The only ACL block needed is
this one is obsolete, but let me confirm first.
@kwin I'm going to remove this one
and refactor Redirect Manager to not require service users at all. With redirects readable to everyone we can access them using request's resolver. The service user and the reference to @ResourceResolverFactory will go away.
… require service user
* #3376 Redirect Manager: refactor code to not require service user
The repoinit script from https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/all/src/main/content/jcr_root/apps/acs-commons/config/org.apache.sling.jcr.repoinit.RepositoryInitializer-acs-commons-all.config grants `jcr:read` in `/conf` to several system users. That is redundant as AEM 6.5 and AEMaaCS ship with the following default permissions for `everyone`:

allow jcr:read on /conf with restrictions: [rep:subtrees: '/global/site-templates/,/settings/wcm/,/sling:configs/,/settings/dam/cfm/models/,/settings/graphql/persistentQueries' ]
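An added example (not code from the issue or from ACS AEM Commons) of the check discussed in this thread: given the `/conf` paths a service user reads, which are already covered by the default `everyone` entry quoted above, and which would still need an explicit entry. The matching rule is a simplified model of `rep:subtrees` and is an assumption, as are the function names and the constructed sample paths.

```python
# Added example. Assumed, simplified rep:subtrees semantics (not Oak's code):
#  - a value ending in "/" matches only descendants of the named node
#  - a value without trailing "/" matches the named node and its descendants
#  - values are matched anywhere in the path below the access-controlled node

ACL_NODE = "/conf"
# Restriction value exactly as quoted in the issue (one comma-separated string).
DEFAULT_SUBTREES = (
    "/global/site-templates/,/settings/wcm/,/sling:configs/,"
    "/settings/dam/cfm/models/,/settings/graphql/persistentQueries"
)


def parse_subtrees(value):
    """Split the comma-separated restriction value into patterns."""
    return [p.strip() for p in value.split(",") if p.strip()]


def covered_by_default(path, acl_node=ACL_NODE, subtrees=DEFAULT_SUBTREES):
    """True if `path` is readable through the default entry (assumed rule)."""
    if not path.startswith(acl_node + "/"):
        return False
    rel = path[len(acl_node):]  # path relative to the access-controlled node
    for pat in parse_subtrees(subtrees):
        if pat.endswith("/"):
            if pat in rel:
                return True
        elif rel.endswith(pat) or (pat + "/") in rel:
            return True
    return False


def audit(required_paths):
    """Split required paths into (already covered, needs an explicit entry)."""
    covered = [p for p in required_paths if covered_by_default(p)]
    uncovered = [p for p in required_paths if not covered_by_default(p)]
    return covered, uncovered


# Constructed sample paths, for illustration only.
SAMPLE_PATHS = [
    "/conf/global/settings/wcm/templates/page",
    "/conf/acme/sling:configs/com.example.Config",
    "/conf/acme/settings/wcm",                   # the node itself, not a descendant
    "/conf/acme/settings/graphql/persistentQueries",
    "/conf/acme/settings/example-feature/item",  # hypothetical path outside the list
]

if __name__ == "__main__":
    covered, uncovered = audit(SAMPLE_PATHS)
    print("covered by default:", covered)
    print("needs explicit entry:", uncovered)
```

An explicit `jcr:read` grant is redundant only when every path the user reads lands in the first list; anything in the second list is what a narrower entry should target instead of all of `/conf`.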