Open kwin opened 3 days ago
@YegorKozlov Any idea why we still ran into #3284? Was the aforementioned access control entry not enough (even the service user should inherit from everyone
)...
Update: Nevermind, found that redirects are stored below settings/redirects
which is not covered by any of the rep:subtrees from above!.
The repoinit script from https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/all/src/main/content/jcr_root/apps/acs-commons/config/org.apache.sling.jcr.repoinit.RepositoryInitializer-acs-commons-all.config grants
jcr:read
in/conf
to several system users. That is redundant as AEM 6.5 and AEMaaCS ship with the following default permissions foreveryone
:allow jcr:read on /conf with restrictions: [rep:subtrees: '/global/site-templates/,/settings/wcm/,/sling:configs/,/settings/dam/cfm/models/,/settings/graphql/persistentQueries' ]