Date: Wed, 3 Apr 2019 09:48:02 +0000 (UTC)
From: "angela (JIRA)"
To: oak-issues@jackrabbit.apache.org
Subject: [jira] [Commented] (OAK-8190) Dedicated authorization for system users

    [ https://issues.apache.org/jira/browse/OAK-8190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16808551#comment-16808551 ]

angela commented on OAK-8190:
-----------------------------

Some initial work can be found at https://github.com/anchela/jackrabbit-oak/tree/poc-authorization/oak-authorization-principalbased

> Dedicated authorization for system users
> ----------------------------------------
>
>                 Key: OAK-8190
>                 URL: https://issues.apache.org/jira/browse/OAK-8190
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: security
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>
> In an Oak setup with immutable mounts we would like to be able to cover system users and their permissions with a separate mount. While setting up a mount for system users is feasible out of the box, this doesn't apply for the default access control content created for the associated system user principals, which due to the nature of the default authorization implementation will be distributed across the repository. In addition, any entries created for any system user principal may be collocated in a mutable policy with entries for regular principals and where the order is crucial for the resulting effective permissions. Therefore it would be desirable if in a mount-based setup system users and their permission setup were to be collocated in the same mount.
> [~stillalex], fyi

--
This message was sent by Atlassian JIRA (v7.6.3#76005)