Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Resolved] - Unable to add/remove/change ACL on workspaces, sections and documents

Go to answer
freemann_
Star Contributor
Star Contributor

‎02-09-2023 02:49 AM

Hello Florent Guillaume Kevin Leturc ,

Since my last post here on this subject which never resolved, I come back with another interesting one.

Since migration on LTS2021, the exception change and now I have this when I try to add/change or remove an ACL .

2023-02-09T08:43:07,765 WARN  [https-jsse-nio-0.0.0.0-8443-exec-6] [org.nuxeo.ecm.automation.core.trace.Trace] 

****** chain ******
Name: Document.RemovePermission
Exception: OperationException
Caught error: Failed to invoke operation Document.RemovePermission
Caused by: org.nuxeo.ecm.automation.OperationException: Failed to invoke operation Document.RemovePermission
****** Hierarchy calls ******
        org.nuxeo.ecm.automation.core.operations.document.RemovePermission

2023-02-09T08:43:07,766 ERROR [https-jsse-nio-0.0.0.0-8443-exec-6] [org.nuxeo.ecm.webengine.app.WebEngineExceptionMapper] org.nuxeo.ecm.core.api.NuxeoException: Failed to invoke operation: Document.RemovePermission
org.nuxeo.ecm.core.api.NuxeoException: Failed to invoke operation: Document.RemovePermission
        at org.nuxeo.ecm.automation.server.jaxrs.ExecutableResource.doPost(ExecutableResource.java:87) ~[nuxeo-automation-server-2021.19.10.jar:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
....
Caused by: java.lang.IllegalArgumentException: Negative ACL not allowed: ACE(username=members, permission=CanAskForPublishing, isGranted=false, creator=null, begin=null, end=null)

Thanks for your help

0 Kudos
1 ACCEPTED ANSWER

Go to answer
Konrad_Krenzlin
Confirmed Champ
Confirmed Champ

‎02-09-2023 03:17 AM

Your log shows a Negative ACL not allowed. Checking the source code this is due to a configuration that does not allow non-granting ACEs by default.

See https://doc.nuxeo.com/nxdoc/configuration-parameters-index-nuxeoconf/#nuxeosecurityallownegativeacl

View answer in original post

0 Kudos
2 REPLIES 2

Go to answer
Konrad_Krenzlin
Confirmed Champ
Confirmed Champ

‎02-09-2023 03:17 AM

Your log shows a Negative ACL not allowed. Checking the source code this is due to a configuration that does not allow non-granting ACEs by default.

See https://doc.nuxeo.com/nxdoc/configuration-parameters-index-nuxeoconf/#nuxeosecurityallownegativeacl

0 Kudos

Go to answer
freemann_
Star Contributor
Star Contributor
In response to Konrad_Krenzlin

‎02-09-2023 05:17 AM

[Konrad Krenzlin](https

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC