Return-Path: Delivered-To: apmail-jackrabbit-users-archive@locus.apache.org Received: (qmail 45006 invoked from network); 19 Nov 2008 14:58:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Nov 2008 14:58:39 -0000 Received: (qmail 57500 invoked by uid 500); 19 Nov 2008 14:58:47 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 57486 invoked by uid 500); 19 Nov 2008 14:58:47 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 57475 invoked by uid 99); 19 Nov 2008 14:58:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 06:58:46 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [62.153.155.10] (HELO cascabel.mtg-marinetechnik.de) (62.153.155.10) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 14:57:24 +0000 Received: (from mail@localhost) by cascabel.mtg-marinetechnik.de (8.12.10/8.12.10) id mAJEw6Hh004790 for ; Wed, 19 Nov 2008 15:58:06 +0100 Received: from unknown by gateway id /processing/kwp4Hxrv; Wed Nov 19 15:57:44 2008 Received: from localhost (localhost [127.0.0.1]) by anaconda.mtg-marinetechnik.de (Postfix) with ESMTP id 0BEBF474C6; Wed, 19 Nov 2008 15:57:44 +0100 (CET) X-Virus-Scanned: amavisd-new at mtg-marinetechnik.de Received: from anaconda.mtg-marinetechnik.de ([127.0.0.1]) by localhost (anaconda.mtg-marinetechnik.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id paIVlS6dHBAR; Wed, 19 Nov 2008 15:57:37 +0100 (CET) Received: from [128.1.21.4] (moria.mtg-marinetechnik.de [128.1.21.4]) by anaconda.mtg-marinetechnik.de (Postfix) with ESMTP id B8FAA4729F for ; Wed, 19 Nov 2008 15:57:37 +0100 (CET) Message-ID: <49242961.5040402@mtg-marinetechnik.de> Date: Wed, 19 Nov 2008 15:57:37 +0100 From: Roland Klein Organization: MTG Marinetechnik GmbH User-Agent: Thunderbird 2.0.0.17 (X11/20080922) MIME-Version: 1.0 To: users@jackrabbit.apache.org References: <4923B916.3030002@mtg-marinetechnik.de> <4923D09A.7000803@day.com> In-Reply-To: <4923D09A.7000803@day.com> Subject: Re: Access control on property level? Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Angela Schreiber schrieb: > hi roland > >> are there planings to extend the access control of jackrabbit to honour >> privileges to properties? >> Restrict/grant access not only on node level but also on property level. > > with the changes made for "JCR-1588 JSR 283: Access Control" > and the corresponding jackrabbit specific extensions it > is possible to grant/restrict access to properties by > adding additional restrictions to an ACE. > > regards > angela > > Sorry maybe i wasn't clear enough. i meant grant or deny acces to an individual property of a node. e.g. [vo:address] > nt:unstructured - vo:name (String) - vo:street (String) - vo:city (String) etc. - vo:mySecret (String) Than two Principals A and B. - A has read/write access to all properties of Address addr. - B has read/write access to all properties of Address addr accept the Property vo:mySecret Will this be possible in Jackrabbit 1.6 or 2.0? Because i just checked out the trunk for 1.6-SNAPSHOT and tried to restrict the access but got an PathNotFoundException. Than i realized ACL's could only be assigned to nodes, but how do i build a correct ACL which i can assign to the node? am i missing something? thanks roland -- Roland Klein Tel: +49 40 65803 209 Fax: +49 40 65803 392 roland.klein@mtg-marinetechnik.de MTG Marinetechnik GmbH - Wandsbeker Koenigstr. 62 - D 22041 Hamburg GF Dipl.-Ing. Ullrich Keil Handelsregister: Abt. B Nr. 11 500 - Amtsgericht Hamburg Abt. 66 USt.-IdNr.: DE 1186 70571