ACL Installation fails when adding metadata based restrictions through the YML File.

[jetxed]

Hi,

I am trying to setup a metadata based restriction on a folder and my code looks like below.

    - path: /content/dam/xxx/content-portfolio/testfolder/active-folder
      permission: allow
      privileges: jcr:read
      restrictions: {"dam:status":"approved"}

As per the Adobe's documentation described here I am also adding the custom status field (dam:status) into the DefaultRestrictionProviderConfiguration OSGI Config, which looks like below.

{
"restrictionPropertyNames":[
"dam:status"
],
"restrictionContentPropertyNames":[],
"enabled":true
}

This seems to be working fine in local, however, this never works in the Cloud Environments, below is the error in the logs.

17:31:00.336: ERROR: Could not process yaml files / e=biz.netcentric.cq.tools.actool.validators.exceptions.InvalidRestrictionsException: Validation error while reading ACE definition nr.63 of authorizable DAM Asset Consumers AEM, this repository doesn't support following restriction(s): [dam:status]

I can see the newly added field visible in the "Restrictions" dropdown when trying to add a new ACL through the interface manually (Only in Dev, Stage and RDE but not in RDE). Not sure where it is going wrong.

Is this failing because Netcentric tool is getting executed before the OSGI configs are set through the deployment? If so, how can I delay the execution of this ACL tool so it only happens after the custom status is added into the OSGI configurations?

Regards,
KK

[jetxed]

Hi - Can I get some response to this issue?

[kwin]

Please try with just status (without the dam namespace prefix). Also at which stage of the Cloud installation do you get the exception (https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#installation-in-aem-as-a-cloud-service)?

[kwin]

The issue is now tracked in #854.