3

We want to set up a new Author environment and wanted to export all users and ACLs from an existing author to the new one. Is there a simple way to do this? No LDAP available.

Thanks and Regards Patrick

Edit:

Found this http://www.wemblog.com/2011/11/how-to-create-package-based-on-xpath-in.html and could export all Users and reimport them on a fresh system.

patricks
  • I'm playing with vlt right now. Are there any tips on how to specify extracting only ACL data from the users? – patricks Nov 20 '12 at 13:49

2 Answers

2

Users and groups can be activated from Author to Publish - You could try configuring the old Author to replicate to the new author, then using the Tree Activation to push the users to the new instance.

antonyh
  • Will all ACLs be activated too? I could export the users via the package manager and import them without problems. But more important for me are the ACLs within content/workflow management. – patricks Dec 14 '12 at 08:38
  • Yes, it carries across ACLs in packages and when activating content. If you have a node with an ACL and you extract the .zip package to disk (this also applies to activations but is harder to see), it has _rep_policy.xml files that represent the hidden data for the security. The tag-administrators group has a rep:ACL definition, but the rules are on the /etc/tags - the _rep_policy.xml in an extracted package for this node has the permissions for the tag-administrators group. So, the user is assigned groups, and the node is assigned ACLs and these are packaged / replicated. Either way works. – antonyh Dec 15 '12 at 11:31
  • The user nodes have groups assigned, but the rules for the groups are held in the related nodes: in the example, they are in /etc/tags not in /home/group/t/tag-administrators, or in the user nodes that belong to this group. – antonyh Dec 15 '12 at 11:32
  • 1
    Wonderful, glad to hear it worked. Also, the rep:policy node isn't hidden as I first assumed - it's visible the same as all the other nodes. If a node has ACLs applied, you can see the settings as properties within CRX. – antonyh Dec 18 '12 at 11:15
  • @antonyh What does `rep` mean in this context (e.g. `_rep_policy.xml`)? – TheFooProgrammer Feb 13 '14 at 03:18
  • @drop-shadow I've never seen it explicitly defined but as far as I can tell `rep` is the namespace for 'repository' - it's a Jackrabbit internal. You can get a list of all the JCR node types in the [source code for builtin nodetypes](https://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd). You might find a definition of `rep` in the [JCR spec](http://www.day.com/specs/jcr/2.0/index.html) but I failed to spot it. – antonyh Feb 18 '14 at 11:43
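
Added example, not part of the answer above and not Adobe or Jackrabbit code: a small Python audit that lists which principals are allowed or denied which privileges in every `_rep_policy.xml` of an extracted package, so the ACLs can be reviewed before the package is installed on the new Author. The sample policy is constructed, and the `rep:GrantACE`/`rep:DenyACE` layout and the `internal` namespace URI for `rep:` are assumptions about how FileVault serializes `rep:ACL` nodes; escaped directory names are reported as they appear on disk.

```python
import os
import re
import xml.etree.ElementTree as ET

JCR = "{http://www.jcp.org/jcr/1.0}"
REP = "{internal}"  # assumption: the rep: prefix is bound to the namespace URI "internal"

# Constructed sample of an /etc/tags/_rep_policy.xml file from an extracted package.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
    jcr:primaryType="rep:ACL">
    <allow jcr:primaryType="rep:GrantACE"
        rep:principalName="tag-administrators"
        rep:privileges="{Name}[jcr:read,rep:write]"/>
    <deny0 jcr:primaryType="rep:DenyACE"
        rep:principalName="everyone"
        rep:privileges="{Name}[jcr:all]"/>
</jcr:root>"""


def parse_policy(xml_text):
    """Return [(principal, 'allow'|'deny', [privileges])] for one rep:ACL document."""
    entries = []
    for ace in ET.fromstring(xml_text):
        kind = ace.get(JCR + "primaryType")
        if kind not in ("rep:GrantACE", "rep:DenyACE"):
            continue  # skip children that are not access control entries
        raw = ace.get(REP + "privileges", "")
        # Strip the "{Name}[" type hint and the closing "]" around the value list.
        privs = re.sub(r"^\{Name\}\[|\]$", "", raw).split(",") if raw else []
        effect = "allow" if kind == "rep:GrantACE" else "deny"
        entries.append((ace.get(REP + "principalName"), effect, privs))
    return entries


def audit_package(extracted_dir):
    """Walk an extracted package and map each node path to its ACL entries."""
    root = os.path.join(extracted_dir, "jcr_root")
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if "_rep_policy.xml" in files:
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
            node = "/" if rel == "." else "/" + rel
            with open(os.path.join(dirpath, "_rep_policy.xml"), encoding="utf-8") as fh:
                report[node] = parse_policy(fh.read())
    return report


if __name__ == "__main__":
    for principal, effect, privs in parse_policy(SAMPLE_POLICY):
        print(f"{effect:5} {principal:20} {', '.join(privs)}")
```
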
1

My colleague Jason reminded me of this: users and groups are content like everything else. So you can make a content package from all or part of the /home JCR node.

David Gorsline
  • Are there any ACL settings within? We try to keep the standard ACL for /content/WEBSITE – patricks Oct 31 '12 at 13:13
  • Yes, there are ACL nodes in /home. I would think they would port like everything else -- but I am speculating. – David Gorsline Oct 31 '12 at 13:30
  • Ok, it would work if the home node was not protected. I tried editing the everyone group (setting all ACL to apply) but every time I import the /home CRX package it says "node is protected". Any ideas in this direction? – patricks Nov 01 '12 at 09:02
  • This does not work, as tokens generated against each user on different CQ instances are different, and it results in `"mandatory property {internal}token.key does not exist"`. Any views? – Rupesh Jan 05 '15 at 08:37