New Participant
September 14, 2016
Solved

Disabling CUG roots consequences

  • September 14, 2016

Good day,

While figuring out the right way to configure closed user groups for my AEM 6.0 publisher, I came across the option to enable/disable CUG roots (in the OSGi configuration of component com.day.cq.auth.impl.cug.CugSupportImpl). At the moment, the CUG roots option is enabled.

I'm having trouble figuring out what exactly this option entails. I've tried Google and the AEM and JCR documentation, but I'm not finding a clear explanation.

Can someone explain what CUG roots are and what the consequences would be if I were to disable them in the OSGi configuration of component com.day.cq.auth.impl.cug.CugSupportImpl?

Thanks!

5 replies

New Participant
September 15, 2016

Ignore my previous comment. It turns out we have a custom piece of code that is responsible for this functionality.

I now understand how it works and am able to use it properly.

Thanks for the help!

New Participant
September 15, 2016

I've found that if I disable CUG roots and remove ACLs, yet keep "cq:cugEnabled" set to true and "cq:cugPrincipals" set to an array of roles, the page for which those CUGs are set is still only accessible to those who have the roles specified in "cq:cugPrincipals". How is it possible that, even though there is no longer a "rep:policy" node holding the ACE data, CUGs still seem to be in effect?

joerghoh
Accepted solution
Employee
September 15, 2016

Hi,

The CugSupportImpl translates the CUG settings into ACLs. Disabling this service (via the config) does not revert the ACLs. So to get rid of these ACLs you can

1) remove the ACLs manually

2) enable the CUG mechanism again and make sure that you remove the CUG-related settings on author and activate again. This will cause a recreation of the correct ACL settings (no ACL); after that you can disable the service again.

Jörg
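
An added example, not part of the original thread and not Adobe's code: a small audit over an exported content tree that flags the two mismatches discussed here, a deny-read ACL still present where the CUG settings are gone, and CUG properties with no ACL behind them. The tree layout, the shape of the `everyone` deny ACE, the helper names and the finding labels are assumptions, and the sample tree is constructed.

```python
# Added example: audit a content-tree export for CUG/ACL mismatches.
# Assumed layout (not taken from the thread): CUG properties sit on the
# page's jcr:content, and a CUG-derived ACL is a rep:policy child holding a
# rep:DenyACE on jcr:read for "everyone".

def ace(kind, principal):
    return {"jcr:primaryType": kind, "rep:principalName": principal,
            "rep:privileges": ["jcr:read"]}

SAMPLE_TREE = {"content": {"site": {  # constructed sample data
    "members": {   # CUG set and ACL present: consistent
        "jcr:content": {"cq:cugEnabled": True, "cq:cugPrincipals": ["members"]},
        "rep:policy": {"deny": ace("rep:DenyACE", "everyone"),
                       "allow": ace("rep:GrantACE", "members")}},
    "old-area": {  # CUG settings gone, ACL left behind
        "jcr:content": {"jcr:title": "Old area"},
        "rep:policy": {"deny": ace("rep:DenyACE", "everyone"),
                       "allow": ace("rep:GrantACE", "members")}},
    "custom": {    # CUG properties set, no rep:policy node
        "jcr:content": {"cq:cugEnabled": True, "cq:cugPrincipals": ["staff"]}},
}}}

def denies_read_to_everyone(policy):
    return isinstance(policy, dict) and any(
        isinstance(a, dict)
        and a.get("jcr:primaryType") == "rep:DenyACE"
        and a.get("rep:principalName") == "everyone"
        and "jcr:read" in a.get("rep:privileges", [])
        for a in policy.values())

def audit(node, path=""):
    """Return (path, finding) pairs for nodes whose CUG flags and ACL disagree."""
    findings = []
    props = node.get("jcr:content", {})
    cug_on = props.get("cq:cugEnabled") in (True, "true") and bool(props.get("cq:cugPrincipals"))
    has_deny = denies_read_to_everyone(node.get("rep:policy"))
    if has_deny and not cug_on:
        findings.append((path or "/", "acl-without-cug"))   # leftover ACL to review
    elif cug_on and not has_deny:
        findings.append((path or "/", "cug-without-acl"))   # enforced elsewhere, if at all
    for name, child in node.items():
        if isinstance(child, dict) and name not in ("jcr:content", "rep:policy"):
            findings.extend(audit(child, f"{path}/{name}"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_TREE):
        print(f"{finding:16} {path}")
```

A deny-read ACL that was set deliberately and has nothing to do with CUGs is also reported as `acl-without-cug`, so each finding is a prompt for review rather than a verdict.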

New Participant
September 15, 2016

I have now disabled the CUG roots, but I don't notice any change in functionality. I can still configure closed user groups for pages and still only users with the roles described in the "cq:cugPrincipals" have access. Shouldn't this stop working?

Sven

joerghoh
Employee
September 14, 2016

The label in the configMgr is a bit misleading. It should just be "enabled" and if it's checked the CUG mechanism is working. If you don't use CUGs there is no real difference if you have it enabled or not.

Jörg