AEM: Merging 'rep:policy' permission files from configuration

2017-08-25

If you want to merge existing permissions with new configuration you can by doing the following:

<acHandling>merge_preserve</acHandling> is necessary to keep you older policy.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<plugin>
    <groupId>com.day.jcr.vault</groupId>
    <artifactId>content-package-maven-plugin</artifactId>
    <configuration>
        ...
        <properties>
            <acHandling>merge_preserve</acHandling>
        </properties>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>install</goal>
            </goals>
        </execution>
    </executions>
</plugin>

A _rep.policy.xml file, in this case I am granting the 'service-user' all rights:

1
2
3
4
5
6
7
8
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
          jcr:primaryType="rep:ACL">
    <this-can-be-anything
            jcr:primaryType="rep:GrantACE"
            rep:principalName="service-user"
            rep:privileges="{Name}[jcr:versionManagement,jcr:modifyAccessControl,jcr:read,jcr:readAccessControl,crx:replicate,rep:write,jcr:lockManagement]"/>
</jcr:root>

A filter rule in your filer.xml (inside META-INF):

<filter root="/rep:policy"/>

This should be enough to merge your new permissions with already existing ones. If you do have any questions, do not hesitate to contact me or leave a comment below.