January 2, 2021

Getting Started with the Netcentric Access Control Tool and Adding Service Users to Your YAML Files

Keeping permissions in sync across environments is an issue for most organizations. In AEM, you can export permissions using packages, but this becomes tedious if you need to do it on a regular basis.

I won’t say that the AC Tool solves the problem completely but it’s a good place to start. In future posts, I will tell you how to extend the functionality to give you more control over what you need for your specific organization.

What this tool does give you is a way to retrieve your permission information from your environments in the form of YAML files. It also provides an installation hook to deploy your YAML files to environments based on run modes. This means that you can keep the permissions for all of your environments in one code repository, and the tool will deploy only the relevant permissions to the targeted environments with the matching run modes.

This is already a huge step forward from the manual process.

Installation
There are two packages you will need for installation. The first is the AC Tool package, the second is the oak index file for the same version. Though the index file is optional, it’s recommended for those who have a large number of groups. Personally, I don’t see a reason for not installing it either way.

One thing you want to keep in mind is that you should install the package only once per environment. This means you do not want to make it a part of your regular code deployment, which can cause issues with your deployments.

Creating YAML Files
Once you have the packages installed you can access the tool in two ways, either through the JMX console or through the tools navigation in AEM Tools Console.



Using the Netcentric Dashboard, you can pull the latest dump file or upload a package with your YAML files for testing.

Deploying Updates


Once you have your files retrieved and modified for import you can deploy them to your environment; remember, this is run mode based so make sure your run modes are valid for the environment you’re targeting. If you are only deploying to a single environment, you don’t have to use run modes.

To deploy, you can create a Maven project that packages your YAML file structure. If you add the Netcentric hook, it will automatically take effect. If you would rather double-check things, leave out the hook and use the “Apply” feature in the Netcentric Dashboard for your changes to take effect. Remember to put in the path to your YAML files before you try to apply the updates.



This configuration will deploy only to environments with an author and a localdev run mode.

Once you have deployed your files, you can check the logs to see if it successfully updated the permissions you expected. If you aren’t seeing anything in the logs, you may want to check the package installation to make sure it was successful. If there are any errors in the YAML files, it will create an error and stop the installation.

Tips
  1. Whenever possible, don’t redeploy OOTB system users or groups. There’s really no need to unless you’re using them for a specific reason.
  2. Don’t create new users other than test users or system users.
  3. Do use this tool for removing obsolete users and groups. This way you can remove them from all environments consistently.

Netcentric AC Tool – Adding Service Users to Your YAML Files

By default, these files do not contain any user information. However, the tool does give you a pretty easy way to include it by using an OSGi configuration. The only drawback to this approach is that you can’t change it without changing the config. In the next post, I’ll show you how to create your own custom servlet to generate a custom YAML file.

In AEM, go to the Configuration Web Console (<host:port>/system/console/configMgr). Then, open the “AC Tool Dump Service” configuration. Check the box by “Include users in dumps”. Also note that even though it says “users”, it only includes Service Users, not regular users. Hopefully, they will rename it to say Service Users, as it’s a bit misleading.



Save your changes. This adds a new section called “user_config” to your YAML files, which includes the service users’ information. It also adds service user ACLs to the ace_config section of the file.
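A sketch of what those two sections look like for a single service user, added here as an illustration; it is not taken from the original post or from a real dump. The user name `myproject-service`, its paths and the granted privileges are hypothetical.

```yaml
# Constructed example: the service user name, paths and privileges are
# hypothetical and not taken from a real dump.
- user_config:

    - myproject-service:

       - name:
         isMemberOf:
         path: /home/users/system/myproject
         isSystemUser: true

- ace_config:

    - myproject-service:

       # Read-only access to the site content this service needs
       - path: /content/myproject
         permission: allow
         actions:
         privileges: jcr:read
         repGlob:

       # Write access limited to the service's own working area
       - path: /var/myproject
         permission: allow
         actions:
         privileges: jcr:read,rep:write
         repGlob:
```

With service user entries kept in the same repository as the group permissions, a reviewer can see each ACE in a diff and spot a service user that has been granted more than it needs.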

References:
You can find more information on the AC Tool, including example files, on their GitHub page.

https://github.com/Netcentric/accesscontroltool

Installation package files and oak index files are published to Maven Central, and can be found here:

https://repo1.maven.org/maven2/biz/netcentric/cq/tools/accesscontroltool/accesscontroltool-package/

https://repo1.maven.org/maven2/biz/netcentric/cq/tools/accesscontroltool/accesscontroltool-oakindex-package/


By aem4beginner
