jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: [Group management] Define ACL on a group to allow membership modification but deny group deletion
Date Tue, 01 Apr 2014 08:44:39 GMT
hi vikas

>are there any side - effects of 'set the "permissionsJr2" config
>parameter to ""USER_MANAGEMENT" in the authorization config.'?

the side effect is that all user management related operations will be
covered by regular write permissions and the specific user management
permission for creating, modifying and removing items identifying user
and groups will not longer be respected... that's the behavior as it
used to be in jackrabbit 2.x. since many of those items are protected
it's more consistent to have them handled by dedicated permissions.

>Also, does it seem like a valid requirement to allow membership
>modification but not whole user management privilege? Should I log an
>for this?

we could make the rep:userManagement privilege an aggregate in order to
allow for more fine grained control. feel free to file an improvement in
oak jira.

kind regards


View raw message