Repository files navigation

The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complexAccess Control Lists in AEM as well as users and groups.Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. Seecomparison to other approaches for a comprehensive overview.

Features:

• easy-to-readYaml configuration file format
• run mode support
• automatic installation with install hook
• cleans obsolete ACL entries when configuration is changed
• ACLs can be exported
• management of user's key stores
• stores history of changes
• ensured order of ACLs
• built-in expression language to reduce rule duplication

See also our talk atadaptTo() 2016

The AC Tool requiresJava 11 and AEM 6.5.18 or above (use v3.x for older AEM versions which runs on Java 8 and AEM 6.4 or above) for on-premise installations. Since v2.5.0AEM as a Cloud Service is supported, seeStartup Hook for details.

It is also possible to run the AC Tool onApache Sling 12 or above (ensure system useractool-service hasjcr:all permissions on root). When using the AC Tool with Sling, actions in ACE definitions and encrypted passwords cannot be used. To use theexternalId attribute, ensure bundleoak-auth-external installed (not part of default Sling distribution).

Thecontent package is available fromthe Maven Central repository

For quick ad hoc testing and getting to know the AC Tool, the easiest is to

• Install the latest version via AEM's package manager
• Create a sample YAML file in CRXDE (e.g./apps/actool-test/test.yaml)
• Apply this config using the UI (seeUser Interface below)

For properly integrating the AC Tool in your own deployment package seeInstallation.

You need to setupYaml configuration files to specify your users, groups and ACL entries. See also thebest practices for hints on structuring.

There are also someadvanced configuration options supported such as loops, conditional statements and permissions for anonymous.

There is aFelix Web Console plugin (at/system/console/actool) as well as aTouch UI console (at/mnt/overlay/netcentric/actool/content/overview.html) to apply configurations and to inspect previous executions of the tool. Additionally there is aJMX interface for some advanced use cases.

Best practice is to apply AC Tool Configurations using the install hook (or startup hook for Cloud Service) during your project's software package installation. Seeapplying the ACL entries for a full list of options.

You can easily migrate to AC Tool followingfour simple steps.

If you have any questions which are still answered after reading thedocumentation feel free to raise them in thediscussion forum.

Contributions are highly welcome in the form ofissue reports,pull request or providing help in ourdiscussion forum.

If needed you canbuild the AC Tool yourself.

The AC Tool is licensed under theEclipse Public License - v 2.0.