jackrabbit-oak-dev mailing list archives

From Angela Schreiber <anch...@adobe.com>
Subject Re: Accessibility of NodeTypes, Privileges and Namespaces
Date Mon, 22 Apr 2013 11:45:06 GMT


On 4/22/13 1:37 PM, Jukka Zitting wrote:
> Hi,
>
> On Mon, Apr 22, 2013 at 2:14 PM, Angela Schreiber <anchela@adobe.com> wrote:
>> that's basically my proposal a) but i am not totally sure if that's
>> the best solution... in particular it will not work if someone
>> would deny read-access to a 'user' on the root node...
>
> Wouldn't an ACL on the /jcr:system subtree override one on the root node?

it would as long as only ACEs for group principals are used.
but user principals take precedence over group principals...

>> in addition
>> i am not sure, if we really want to have full/regular ac-evaluation
>> for those trees...
>
> I don't see much harm in having them under normal access control.

no harm. but it feels strange to me... and it might also be
troublesome when it comes to upgrading an existing repository.

> Did
> you have something specific in mind? On the contrary, avoiding a
> special case for this should help keep the relevant code simple.

maybe... but if this kind of access is *always* required there
is not much benefit in making it look as if it could be edited.
more to come in the issue...

angela

> BR,
>
> Jukka Zitting
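
Added example, not part of the original messages and not Jackrabbit or Oak code: a simplified Python model of the precedence rule discussed in this thread, showing why a group-level allow on /jcr:system stops working once a user-principal deny exists on the root node. The `Ace` type, the `can_read` function, the "deepest entry wins" tie-break, the principal names and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    path: str        # node the entry is stored on
    principal: str   # principal name
    is_group: bool   # True for a group principal, False for a user principal
    allow: bool      # True grants read, False denies read

def _applies(ace_path, target):
    """An entry applies to its own node and to every descendant."""
    if ace_path == "/":
        return True
    return target == ace_path or target.startswith(ace_path + "/")

def _depth(path):
    return 0 if path == "/" else path.count("/")

def can_read(aces, user, groups, target):
    """Simplified model (assumption): any user-principal entry shadows all
    group-principal entries; within one class the deepest node wins."""
    mine = [a for a in aces if _applies(a.path, target) and
            ((not a.is_group and a.principal == user) or
             (a.is_group and a.principal in groups))]
    user_aces = [a for a in mine if not a.is_group]
    pool = user_aces or mine
    if not pool:
        return False  # no matching entry: nothing grants read
    return max(pool, key=lambda a: _depth(a.path)).allow

# Constructed sample data: read is denied at the root and re-granted
# to a group on /jcr:system so node types stay readable.
NODETYPES = "/jcr:system/jcr:nodeTypes"
GROUP_ONLY = [
    Ace("/", "everyone", True, False),
    Ace("/jcr:system", "everyone", True, True),
]
# Same setup plus a deny for one user principal on the root node.
WITH_USER_DENY = GROUP_ONLY + [Ace("/", "alice", False, False)]

if __name__ == "__main__":
    for label, aces in (("group only", GROUP_ONLY),
                        ("user deny on /", WITH_USER_DENY)):
        for user in ("alice", "bob"):
            print(label, user, can_read(aces, user, {"everyone"}, NODETYPES))
```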
