jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: [Group management] Define ACL on a group to allow membership modification but deny group deletion
Date Tue, 01 Apr 2014 07:03:54 GMT
hi vikas

yes, that's the way this is now handled in oak by default. if you
want to have regular 'removeNode' permissions being enforced for
removing a group or user you can to set the "permissionsJr2" config
parameter to ""USER_MANAGEMENT" in the authorization config. as
an effect the rep:userManagement privilege is no longer respected.

kind regards
angela

On 29/03/14 19:48, "Vikas Saurabh" <vikas.saurabh@gmail.com> wrote:

>Hi,
>
>I want to have a group (say 'authors'), such that members of another group
>(say 'root') can add/remove members to it, but can't delete the group
>itself.
>
>To allow membership modification, I had to give rep:userManagement. But,
>with that, even after denying 'removeNode', I could delete the group by
>group.remove().
>
>Thanks,
>Vikas


Mime
View raw message