AEMaaCS: permissions set only on immutable content

[dominik-przybyl-wttech]

Scenario: I've created new cloud dev instance. I've also create new project based on aem project archetype, in which I've added following changes:

• add yaml scripts with permission configuration, adds mysite-fragment-mysite-all-acl group to /apps/mysite, /apps/dam, /content/mysite, /content/dam folders
• org.apache.sling.jcr.repoinit.RepositoryInitializer~mysite-user.cfg.json - repoinit configuration, which creates system user
• org.apache.sling.jcr.repoinit.RepositoryInitializer~netcentric-dir.cfg - repoinit configuration, which creates /apps/netcentric folder
• org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-ncActoolSystemUser.config - configuration, which maps mysite-system-user with biz.netcentric.cq.tools.accesscontroltool.bundle and biz.netcentric.cq.tools.accesscontroltool.startuphook.bundle
• biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.cfg.json - configuration, which install yaml scrips.

It means that I don't have ACTools in my all-in-one package.
Here is PR with that changes https://github.com/dominik-przybyl-wttech/mysite/pull/1

That I've deployed this code on new cloud dev instance.

Result: Permissions have been set only on immutable content (fig1, fig2). No permissions have been set on mutable content (fig5). History logs from build phase have been saved under /apps/netcentric/achistory folder (fig3). he History logs show that yaml scripts were executed by biz.netcentric.cq.tools.actool.startuphook.impl.AcToolStartupHookServiceImpl service (trigger=startup_hook_image_build) (fig3). History logs have been created by mysite-system-user user (fig4). There is no history logs for mutable content (/var/statistics/achistory folder) (fig6).

How is this possible?

• fig 1
• fig 2
• fig 3
• fig 4
• fig 5
• fig 6

[kwin]

Sounds like https://github.com/Netcentric/accesscontroltool/issues/545.

[dominik-przybyl-wttech]

I think my case is different. In my project I don't use ACTool, I didn't add ACTool dependency in any pom. I've only added some scripts and configurations. My expectation were that nothing will happened (no permissions added, no achistory logs), but somehow I have traces ACTool execution during build phase.