The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complex Access Control Lists in AEM. Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. See Comparison to other approches for a comprehensive overview.
See also our talk at adaptTo() 2016
The AC Tool requires Java 8 and AEM 6.4 or above (use v2.x for older AEM versions which runs on Java 7 and AEM 6.1 SP1 or above) for on-premise installations. Since v2.5.0 AEM as a Cloud Service is supported, see Startup Hook for details.
It is also possible to run the AC Tool on Apache Sling 11 or above (ensure system user
jcr:all permissions on root). When using the AC Tool with Sling, actions in ACE definitions and encrypted passwords cannot be used. To use the
externalId attribute, ensure bundle
oak-auth-external installed (not part of default Sling distribution).
For quick ad hoc testing and getting to know the AC Tool, the easiest is to
For properly integrating the AC Tool in your own deployment package see Installation.
There are also some advanced configuration options supported such as loops, conditional statements and permissions for anonymous.
There is a Felix Web Console plugin (at
/system/console/actool) as well as a Touch UI console (at
/mnt/overlay/netcentric/actool/content/overview.html) to apply configurations and to inspect previous executions of the tool. Additionally there is a JMX interface for some advanced use cases.
Best practice is to apply the AC Tool Configuration using the install hook (or startup hook for CS) during your project's software package installation. See applying the ACL entries for a full list of options.
You can easily migrate to AC Tool following four simple steps.
If needed you can build the AC Tool yourself.
The AC Tool is licensed under the Eclipse Public License - v 1.0.