Overview
By default, the Modernize Tools are only accessible to Administrators. Since the conversions are run as scheduled jobs, they are performed using a service user aem-modernize-convert-service
. This user is granted write access to the necessary paths within the repository. Therefore, Authors will not be able to access the tools UI nor schedule a job through an API without the proper permissions.
Requisite Permissions
All Jobs
The user must have the specified access to the following paths:
- /apps/aem-modernize
jcr:read
- /apps/cq/core/content/nav/tools/aem-modernize
jcr:read
- /var/aem-modernize/job-data
jcr:read
rep:write
The first two will grant the user access to see the user interface for configuring jobs. The third will grant the user access to create a job definition and initiate it.
All-in-One Jobs
This job type is an aggregate of the other jobs, therefore users must have all the rights defined in the remaining job types.
Page Structure Jobs
The user must have jcr:read
and rep:write
, to the paths of the pages that they which to convert. This can usually be granted by adding the user to an Authors group.
Additionally, if the user chooses to select a target path for copying pages prior to transformation; then the user must have the same rights to that path as well.
Component Conversion Jobs
The user must have jcr:read
and rep:write
, to the paths of the pages that they which to convert. This can usually be granted by adding the user to an Authors group.
Policy Import Jobs
The user must have jcr:read
to the pages referenced by the job. In addition, the user must also have jcr:read
and rep:write
to the Page’s design location (i.e. /etc/design/...
), as well as the desired /conf
path output location.